Category Archives: Digital Security

Digital security is the process of protecting your online identity, data, and other assets from intruders, such as hackers, scammers, and fraudsters. It is essential for trust in the digital age, as well as for innovation, competitiveness, and growth. This field covers the economic and social aspects of cybersecurity, as opposed to purely technical aspects and those related to criminal law enforcement or national and international security.

In this category, you will find articles related to digital security that have a direct or indirect connection with the activities of Freemindtronic Andorra or that may interest the readers of the article published in this category. You will learn about the latest trends, challenges, and solutions in this field, as well as the best practices and recommendations from experts and organizations such as the OECD. You will also discover how to protect your personal data from being used and sold by companies without your consent.

Whether you are an individual, a business owner, or a policy maker, you will benefit from reading these articles and gaining more knowledge and awareness about this topic and its importance for your online safety and prosperity. Some of the topics that you will find in this category are:

  • How to prevent and respond to cyberattacks
  • How to use encryption and cryptography to secure your data
  • How to manage risks and vulnerabilities
  • How to comply with laws and regulations
  • How to foster a culture of security in your organization
  • How to educate yourself and others about this topic

We hope that you will enjoy reading these articles and that they will inspire you to take action to improve your security. If you have any questions or feedback, please feel free to contact us.

image_pdfimage_print

5Ghoul: 5G NR Attacks on Mobile Devices

5Ghoul: 5G NR Attacks on Mobile Devices
5Ghoul Attacks on Mobile Devices written by Jacques Gascuel, inventor of sensitive data safety and security systems, for Freemindtronic. This article may be updated on this subject.

5Ghoul: A Threat to 5G Security

5G has benefits, but also risks. 5Ghoul is a set of 5G NR flaws that affect Qualcomm and MediaTek modems, used by most 5G devices. 5Ghoul can disrupt or make unusable smartphones, routers and modems 5G. In this article, we will see what 5Ghoul is, how it compares to other 5G attacks, and how to protect yourself with contactless encryption, which uses NFC.

2023 Articles Cardokey Eco-friendly EviSwap NFC NDEF Technology GreenTech

NFC Business Cards with Cardokey free for life: How to Connect without Revealing

2023 Articles Cyberculture EviCore HSM OpenPGP Technology EviCore NFC HSM Browser Extension EviCore NFC HSM Technology Legal information Licences Freemindtronic

Unitary patent system: why some EU countries are not on board

Andorran law

Llei 26/2014 del 30 d’octubre de patents

Articles Crypto Currency Cryptocurrency Digital Security EviPass Technology NFC HSM technology Phishing

Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers

5Ghoul: How Contactless Encryption Can Secure Your 5G Communications from Modem Attacks

5Ghoul is a set of 5G NR vulnerabilities that affect Qualcomm and MediaTek modems. These flaws allow to launch denial-of-service attacks or degrade the quality of the 5G network.

What is 5Ghoul?

5Ghoul is a set of 14 5G NR (New Radio) vulnerabilities, the protocol that governs the communication between 5G devices and base stations (gNB). Among these vulnerabilities, 10 are public and 4 are still confidential. They were discovered by researchers from the Singapore University of Technology and DesignSingapore University of Technology and Design.

The 5Ghoul vulnerabilities exploit implementation errors in Qualcomm and MediaTek modems, which do not comply with the specifications of the 5G NR protocol. They allow an attacker to create a fake base station, which pretends to be a legitimate one, and send malicious messages to 5G devices that connect to it. These messages can cause errors, crashes or infinite loops in the modems, resulting in denial-of-service attacks or degradations of the quality of the 5G network.

Which devices are affected by 5Ghoul?

The researchers tested the 5Ghoul vulnerabilities on 714 models of 5G smartphones from 24 different brands, including Lenovo, Google, TCL, Microsoft, etc. They also tested routers and modems 5G from various manufacturers. They found that the 5Ghoul vulnerabilities affect all 5G devices equipped with Qualcomm and MediaTek modems, which account for more than 90% of the market.

What are the impacts of 5Ghoul?

The impacts of 5Ghoul depend on the vulnerability exploited and the type of device targeted. The researchers classified the 5Ghoul vulnerabilities into three categories, according to their severity:

Level 1 vulnerabilities

Level 1 vulnerabilities are the most severe. They allow to render 5G devices completely unusable, by locking them in a state where they can neither connect nor disconnect from the 5G network. These vulnerabilities require a manual reboot of the devices to be resolved. Among the level 1 vulnerabilities, there is for example the CVE-2023-33043, which causes a crash of the Qualcomm X55/X60 modem by sending an invalid MAC/RLC message.

Level 2 vulnerabilities

Level 2 vulnerabilities are less critical, but still harmful. They allow to degrade the quality of the 5G network, by reducing the throughput, latency or stability of the connection. These vulnerabilities can be resolved by reconnecting to the 5G network. Among the level 2 vulnerabilities, there is for example the CVE-2023-33044, which causes packet loss on the MediaTek T750 modem by sending an invalid RRC message.

Level 3 vulnerabilities

Level 3 vulnerabilities are the least dangerous. They allow to disrupt the normal functioning of 5G devices, by displaying error messages, modifying settings or triggering alerts. These vulnerabilities have no impact on the quality of the 5G network. Among the level 3 vulnerabilities, there is for example the CVE-2023-33045, which causes an error message on the Qualcomm X55/X60 modem by sending an invalid RRC message.

How to protect yourself from 5Ghoul?

The researchers informed the manufacturers of Qualcomm and MediaTek modems of the 5Ghoul vulnerabilities, as well as the 5G network operators and the 5G device manufacturers. They also published a demonstration kit of the 5Ghoul vulnerabilities on GitHub, to raise awareness among the public and the scientific community of the risks of 5G NR.

To protect yourself from 5Ghoul, 5G device users must update their modems with the latest security patches, as soon as they are available. They must also avoid connecting to unreliable or unknown 5G networks, which could be fake base stations. In case of doubt, they can disable 5G and use 4G or Wi-Fi.

How 5Ghoul compares to other 5G attacks?

5Ghoul is not the first security flaw that affects 5G. Other 5G attacks have been discovered in the past, exploiting weaknesses in the protocol or in the equipment. Here are some examples of 5G attacks and their differences with 5Ghoul:

ReVoLTE

ReVoLTE is an attack that allows to listen to voice calls 4G and 5G by exploiting a vulnerability in the encryption of data. This vulnerability is due to the fact that some base stations reuse the same encryption key for multiple communication sessions, which allows an attacker to decrypt the content of the calls by capturing the radio signals.

It is different from 5Ghoul because it does not target the 5G modem, but the encryption of data. ReVoLTE also requires that the attacker be close to the victim and have specialized equipment to intercept the radio signals. ReVoLTE does not cause denial of service or degradation of the network, but it compromises the confidentiality of communications.

ToRPEDO

ToRPEDO is an attack that allows to locate, track or harass mobile phone users 4G and 5G by exploiting a vulnerability in the paging protocol. This protocol is used to notify mobile devices of incoming calls or messages. By sending repeated messages to a phone number, an attacker can trigger paging messages on the network, and thus determine the position or identity of the target device.

It is different from 5Ghoul because it does not target the 5G modem, but the paging protocol. ToRPEDO also requires that the attacker knows the phone number of the victim and has access to the mobile network. ToRPEDO does not cause denial of service or degradation of the network, but it compromises the privacy of users.

IMP4GT

IMP4GT is an attack that allows to degrade the quality of the 5G network by exploiting a vulnerability in the security protocol. This protocol is used to authenticate and encrypt the communications between 5G devices and base stations. By modifying the messages exchanged between the two parties, an attacker can mislead the network and the device on the level of security required, and thus reduce the throughput or latency of the connection.

It is different from 5Ghoul because it does not target the 5G modem, but the security protocol. IMP4GT also requires that the attacker be close to the base station and have equipment capable of modifying the messages. IMP4GT does not cause denial of service or crash of the modem, but it degrades the quality of the network.

SS7

SS7 is a set of signaling protocols used by mobile operators to establish and manage calls and messages between different networks. SS7 has existed since the 1970s and has not evolved much since, making it vulnerable to hacking attacks. By exploiting the flaws of SS7, an attacker can intercept SMS and voice calls, locate and track users, bypass two-factor authentication, or subscribe subscribers to paid services without their consent.

It is different from 5Ghoul because it does not target the 5G modem, but the signaling protocol. SS7 affects all types of mobile networks, including 5G, because it still uses SS7 for some functions, such as mobility management or compatibility with 2G and 3G networks. SS7 requires that the attacker has access to the signaling network, which is not easy to obtain, but not impossible. SS7 does not cause denial of service or crash of the modem, but it compromises the confidentiality and integrity of communications.

How and why to encrypt SMS, MMS and RCS without contact?

Contactless encryption is a method of protecting mobile communications that uses NFC (Near Field Communication) technology to establish a secure connection between two devices. NFC is a wireless communication protocol that allows to exchange data by bringing two compatible devices within a few centimeters of each other.

Contactless encryption relies on the use of an external device called NFC HSM (Hardware Security Module), which is a hardware security module that stores and manages encryption keys. The NFC HSM comes in the form of a card, a keychain or a bracelet, that the user must bring close to his phone to activate the encryption. The NFC HSM communicates with the phone via NFC and transmits the encryption key needed to secure the messages.

The technologies EviCore NFC HSM and EviCypher NFC HSM are examples of contactless encryption solutions developed by the Andorran company Freemindtronic. EviCore NFC HSM is a hardware security module that allows to encrypt SMS, MMS and RCS (Rich Communication Services) end-to-end, meaning that only the recipients can read the messages. EviCypher NFC HSM is a hardware security module that allows to encrypt multimedia files (photos, videos, audio, etc.) and share them via SMS, MMS or RCS.

Contactless encryption has several advantages over conventional encryption of mobile communications:

It offers a higher level of security, because the encryption key is not stored on the phone, but on the NFC HSM, which is more difficult to hack or steal.

It is compatible with all types of mobile networks, including 5G, because it does not depend on the communication protocol used, but on NFC.

It is easy to use, because it is enough to bring the NFC HSM close to the phone to activate the encryption, without having to install a specific application or create an account.

It is transparent, because it does not change the appearance or functioning of the messages, which remain accessible from the native application of the phone.

Statistics on 5Ghoul

How widespread are 5Ghouls? What are the trends and impacts of these flaws? Some statistics on 5Ghoul, based on sources and data that are a priori reliable.

5Ghoul: a threat to 5G devices

5Ghoul is a set of 5G NR vulnerabilities that affect Qualcomm and MediaTek modems, which are used by most 5G devices on the market. According to the researchers who discovered 5Ghoul, these vulnerabilities can cause denial-of-service attacks or network degradations.

  • How many 5G devices are affected by 5Ghoul? According to a report by Counterpoint Research, Qualcomm and MediaTek accounted for 79% of the global smartphone chipset market in Q3 2020. Qualcomm had a 39% share, while MediaTek had a 40% share. Assuming that all Qualcomm and MediaTek chipsets are vulnerable to 5Ghoul, this means that nearly 8 out of 10 smartphones are potentially at risk.
  • How many 5G NR vulnerabilities are known? According to the CVE (Common Vulnerabilities and Exposures) database. There are 16 CVE entries related to 5G NR as of April 2021. Four of them are ZeroDay vulnerabilities that have not been publicly disclosed nor fixed by the manufacturers. These vulnerabilities are classified as level 1 or 2, meaning that they can cause denial-of-service attacks or network degradations.
  • How many 5G attacks have been reported? According to the SANS Internet Storm Center, there have been no reports of 5Ghoul attacks in the wild as of April 2021. However, this does not mean that 5Ghoul is not exploited by malicious actors. The researchers who discovered 5Ghoul have developed a proof-of-concept tool called 5Ghoul-Scanner, which can detect and exploit 5Ghoul vulnerabilities. They have also released a video demonstration of 5Ghoul attacks.

Conclusion

5Ghoul is a security flaw that affects 5G modems from Qualcomm and MediaTek, which are used by most 5G devices on the market. 5Ghoul allows an attacker to disrupt the functioning of smartphones, routers and modems 5G, or even make them unusable. 5Ghoul stands out from other 5G attacks known, such as ReVoLTE, ToRPEDO, IMP4GT or SS7, by the fact that it targets the 5G modem, that it does not require secret information or specialized equipment, and that it causes denial-of-service attacks or degradations of the network. To protect yourself from 5Ghoul, 5G device users must update their modems with the latest security patches, and avoid connecting to unreliable or unknown 5G networks.

Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers

Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers
Ledger security breaches written by Jacques Gascuel, inventor specializing in safety and security of sensitive data, for Freemindtronic. This article will be updated with any new information on the topic.

Ledger security incidents: How Hackers Exploited Them and How to Stay Safe

Ledger security breaches have exposed the personal data and private keys of many users. Ledger is a French company that provides secure devices to store and manage your funds. But since 2017, hackers have targeted Ledger’s e-commerce and marketing database, as well as its software and hardware products. In this article, you will discover the different breaches, how hackers exploited them, what their consequences were, and how you can protect yourself from these threats.

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Digital Security Spying

Ivanti Zero-Day Flaws: Comprehensive Guide to Secure Your Systems Now

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

2024 Articles Digital Security EviPass Password

Human Limitations in Strong Passwords Creation

2024 Articles Digital Security EviKey NFC HSM EviPass News SSH

Terrapin attack: How to Protect Yourself from this New Threat to SSH Security

2024 Articles Digital Security News Phishing

Google OAuth2 security flaw: How to Protect Yourself from Hackers

Ledger Security Breaches from 2017 to 2023: How to Protect Your Cryptocurrencies from Hackers

Have you ever wondered how safe your cryptocurrencies are? If you are using a Ledger device, you might think that you are protected from hackers and thieves. Ledger is a French company that specializes in cryptocurrency security. It offers devices that allow you to store and manage your funds securely. These devices are called hardware wallets, and they are designed to protect your private keys from hackers and thieves.

However, since 2017, Ledger has been victim of several security breaches, which have exposed the personal data and private keys of its users. These breaches could allow hackers to steal your cryptocurrencies or harm you in other ways. In this article, we will show you the different breaches that were discovered, how they were exploited, what their consequences were, and how you can protect yourself from these threats.

Ledger Security Issues: The Seed Phrase Recovery Attack (February 2018)

The seed phrase is a series of words that allows you to restore access to a cryptocurrency wallet. It must be kept secret and secure, as it gives full control over the funds. In February 2018, a security researcher named Saleem Rashid discovered a breach in the Ledger Nano S, which allowed an attacker with physical access to the device to recover the seed phrase using a side-channel attack.

How did hackers exploit the breach?

The attack consisted of using an oscilloscope to measure the voltage variations on the reset pin of the device. These variations reflected the operations performed by the secure processor of the Ledger Nano S, which generated the seed phrase. By analyzing these variations, the attacker could reconstruct the seed phrase and access the user’s funds.

Simplified diagram of the attack

Figure Ledger Security Issues: The Seed Phrase Recovery Attack (February 2018)
Statistics on the breach
  • Number of potentially affected users: about 1 million
  • Total amount of potentially stolen funds: unknown
  • Date of discovery of the breach by Ledger: February 20, 2018
  • Author of the discovery of the breach: Saleem Rashid, a security researcher
  • Date of publication of the fix by Ledger: April 3, 2018

Scenarios of hacker attacks

  • Scenario of physical access: The attacker needs to have physical access to the device, either by stealing it, buying it second-hand, or intercepting it during delivery. The attacker then needs to connect the device to an oscilloscope and measure the voltage variations on the reset pin. The attacker can then use a software tool to reconstruct the seed phrase from the measurements.
  • Scenario of remote access: The attacker needs to trick the user into installing a malicious software on their computer, which can communicate with the device and trigger the reset pin. The attacker then needs to capture the voltage variations remotely, either by using a wireless device or by compromising the oscilloscope. The attacker can then use a software tool to reconstruct the seed phrase from the measurements.

Sources

1Breaking the Ledger Security Model – Saleem Rashid published on March 20, 2018.

2Ledger Nano S: A Secure Hardware Wallet for Cryptocurrencies? – Saleem Rashid published on November 20, 2018.

Ledger Security Flaws: The Firmware Replacement Attack (March 2018)

The firmware is the software that controls the operation of the device. It must be digitally signed by Ledger to ensure its integrity. In March 2018, the same researcher discovered another breach in the Ledger Nano S, which allowed an attacker to replace the firmware of the device with a malicious firmware, capable of stealing the private keys or falsifying the transactions.

How did hackers exploit the Ledger Security Breaches?

The attack consisted of exploiting a vulnerability in the mechanism of verification of the firmware signature. The attacker could create a malicious firmware that passed the signature check, and that installed on the device. This malicious firmware could then send the user’s private keys to the attacker, or modify the transactions displayed on the device screen.

Simplified diagram of the attack

Figure Ledger Security Flaws: The Firmware Replacement Attack (March 2018)

Statistics on the breach

  • Number of potentially affected users: about 1 million
  • Total amount of potentially stolen funds: unknown
  • Date of discovery of the breach by Ledger: March 20, 2018
  • Author of the discovery of the breach: Saleem Rashid, a security researcher
  • Date of publication of the fix by Ledger: April 3, 2018

Scenarios of hacker attacks

  • Scenario of physical access: The attacker needs to have physical access to the device, either by stealing it, buying it second-hand, or intercepting it during delivery. The attacker then needs to connect the device to a computer and install the malicious firmware on it. The attacker can then use the device to access the user’s funds or falsify their transactions.
  • Scenario of remote access: The attacker needs to trick the user into installing the malicious firmware on their device, either by sending a fake notification, a phishing email, or a malicious link. The attacker then needs to communicate with the device and send the user’s private keys or modify their transactions.

Sources

: [Breaking the Ledger Security Model – Saleem Rashid] published on March 20, 2018.

: [Ledger Nano S Firmware 1.4.1: What’s New? – Ledger Blog] published on March 6, 2018.

Ledger Security Incidents: The Printed Circuit Board Modification Attack (November 2018)

The printed circuit board is the hardware part of the device, which contains the electronic components. It must be protected against malicious modifications, which could compromise the security of the device. In November 2018, a security researcher named Dmitry Nedospasov discovered a breach in the Ledger Nano S, which allowed an attacker with physical access to the device to modify the printed circuit board and install a listening device, capable of capturing the private keys or modifying the transactions.

How did hackers exploit the breach?

The attack consisted of removing the case of the device, and soldering a microcontroller on the printed circuit board. This microcontroller could intercept the communications between the secure processor and the non-secure processor of the Ledger Nano S, and transmit them to the attacker via a wireless connection. The attacker could then access the user’s private keys, or modify the transactions displayed on the device screen.

Simplified diagram of the attack

figure Ledger Security Incidents: The Printed Circuit Board Modification Attack (November 2018)

Statistics on the breach

  • Number of potentially affected users: unknown
  • Total amount of potentially stolen funds: unknown
  • Date of discovery of the breach by Ledger: November 7, 2019
  • Author of the discovery of the breach: Dmitry Nedospasov, a security researcher
  • Date of publication of the fix by Ledger: December 17, 2020

Scenarios of hacker attacks

  • Scenario of physical access: The attacker needs to have physical access to the device, either by stealing it, buying it second-hand, or intercepting it during delivery. The attacker then needs to remove the case of the device and solder the microcontroller on the printed circuit board. The attacker can then use the wireless connection to access the user’s funds or modify their transactions.
  • Scenario of remote access: The attacker needs to compromise the wireless connection between the device and the microcontroller, either by using a jammer, a repeater, or a hacker device. The attacker can then intercept the communications between the secure processor and the non-secure processor, and access the user’s funds or modify their transactions.

Sources

  • [Breaking the Ledger Nano X – Dmitry Nedospasov] published on November 7, 2019.
  • [How to Verify the Authenticity of Your Ledger Device – Ledger Blog] published on December 17, 2020.

Ledger Security Breaches: The Connect Kit Attack (December 2023)

The Connect Kit is a software that allows users to manage their cryptocurrencies from their computer or smartphone, by connecting to their Ledger device. It allows to check the balance, send and receive cryptocurrencies, and access services such as staking or swap.

The Connect Kit breach was discovered by the security teams of Ledger in December 2023. It was due to a vulnerability in a third-party component used by the Connect Kit. This component, called Electron, is a framework that allows to create desktop applications with web technologies. The version used by the Connect Kit was not up to date, and had a breach that allowed hackers to execute arbitrary code on the update server of the Connect Kit.

How did hackers exploit the Ledger Security Breaches?

The hackers took advantage of this breach to inject malicious code into the update server of the Connect Kit. This malicious code was intended to be downloaded and executed by the users who updated their Connect Kit software. The malicious code aimed to steal the sensitive information of the users, such as their private keys, passwords, email addresses, or phone numbers.

Simplified diagram of the attack

Figure Ledger Security Breaches The Connect Kit Attack (December 2023)

Statistics on the breach

  • Number of potentially affected users: about 10,000
  • Total amount of potentially stolen funds: unknown
  • Date of discovery of the breach by Ledger: December 14, 2023
  • Author of the discovery of the breach: Pierre Noizat, director of security at Ledger
  • Date of publication of the fix by Ledger: December 15, 2023

Scenarios of hacker attacks

  • Scenario of remote access: The hacker needs to trick the user into updating their Connect Kit software, either by sending a fake notification, a phishing email, or a malicious link. The hacker then needs to download and execute the malicious code on the user’s device, either by exploiting a vulnerability or by asking the user’s permission. The hacker can then access the user’s information or funds.
  • Scenario of keyboard: The hacker needs to install a keylogger on the user’s device, either by using the malicious code or by another means. The keylogger can record the keystrokes of the user, and send them to the hacker. The hacker can then use the user’s passwords, PIN codes, or seed phrases to access their funds.
  • Scenario of screen: The hacker needs to install a screen recorder on the user’s device, either by using the malicious code or by another means. The screen recorder can capture the screen of the user, and send it to the hacker. The hacker can then use the user’s QR codes, addresses, or transaction confirmations to steal or modify their funds.

Sources

Ledger Security Breaches: The Data Leak (December 2020)

The database is the system that stores the information of Ledger customers, such as their names, addresses, phone numbers and email addresses. It must be protected against unauthorized access, which could compromise the privacy of customers. In December 2020, Ledger revealed that a breach in its database had exposed the personal data of 292,000 customers, including 9,500 in France.

How did hackers exploit the breach?

The breach had been exploited by a hacker in June 2020, who had managed to access the database via a poorly configured API key. The hacker had then published the stolen data on an online forum, making them accessible to everyone. Ledger customers were then victims of phishing attempts, harassment, or threats from other hackers, who sought to obtain their private keys or funds.

Simplified diagram of the attack :

Statistics on the breach

  • Number of affected users: 292,000, including 9,500 in France
  • Total amount of potentially stolen funds: unknown
  • Date of discovery of the breach by Ledger: June 25, 2020
  • Author of the discovery of the breach: Ledger, after being notified by a researcher
  • Date of publication of the fix by Ledger: July 14, 2020

Scenarios of hacker attacks

  • Scenario of phishing: The hacker sends an email or a text message to the user, pretending to be Ledger or another trusted entity. The hacker asks the user to click on a link, enter their credentials, or update their device. The hacker then steals the user’s information or funds.
  • Scenario of harassment: The hacker calls or visits the user, using their personal data to intimidate them. The hacker threatens the user to reveal their identity, harm them, or steal their funds, unless they pay a ransom or give their private keys.
  • Scenario of threats: The hacker uses the user’s personal data to find their social media accounts, family members, or friends. The hacker then sends messages or posts to the user or their contacts, threatening to harm them or expose their cryptocurrency activities, unless they comply with their demands.

Sources:
– [Ledger Data Breach: A Cybersecurity Update – Ledger Blog] published on January 29, 2021.

Comparison with other crypto wallets

Ledger is not the only solution to secure your cryptocurrencies. There are other options, such as other hardware wallets, software wallets, or exchanges. Each option has its advantages and disadvantages, depending on your needs and preferences. For example, other hardware wallets, such as Trezor or Keepser, offer similar features and security levels as Ledger, but they may have different designs, interfaces, or prices. Software wallets, such as Exodus or Electrum, are more convenient and accessible, but they are less secure and more vulnerable to malware or hacking. Exchanges, such as Coinbase or Binance, are more user-friendly and offer more services, such as trading or staking, but they are more centralized and risky, as they can be hacked, shut down, or regulated. Another option is to use a cold wallet, such as SeedNFC HSM, which is a patented HSM that uses NFC technology to store and manage your cryptocurrencies offline, without any connection to the internet or a computer. It also allows you to create up to 100 cryptocurrency wallets and check the balances from this NFC HSM.

Technological, Regulatory, and Societal Projections

The future of cryptocurrency security is uncertain and challenging. Many factors can affect Ledger and its users, such as technological, regulatory, or societal changes.

Technological changes

It changes could bring new threats, such as quantum computing, which could break the encryption of Ledger devices, or new solutions, such as biometric authentication or segmented key authentication patented by Freemindtronic, which could improve the security of Ledger devices.

Regulatory changes

New rules or restrictions could affect Cold Wallet and Hardware Wallet manufacturers and users, such as Ledger. For example, KYC (Know Your Customer) or AML (Anti-Money Laundering) requirements could compromise the privacy and anonymity of Ledger users. They could also ban or limit the use of cryptocurrencies, which could reduce the demand and value of Ledger devices. On the other hand, other manufacturers who have anticipated these new legal constraints could have an advantage over Ledger. Here are some examples of regulatory changes that could affect Ledger and other crypto wallets:

  • MiCA, the proposed EU regulation on crypto-asset markets, aims to create a harmonized framework for crypto-assets and crypto-asset service providers in the EU. It also seeks to address the risks and challenges posed by crypto-assets, such as consumer protection, market integrity, financial stability and money laundering.
  • U.S. interagency report on stablecoins recommends that Congress consider new legislation to ensure that stablecoins and stablecoin arrangements are subject to a federal prudential framework. It also proposes additional features, such as limiting issuers to insured depository institutions, subjecting entities conducting stablecoin activities (e.g., digital wallets) to federal oversight, and limiting affiliations between issuers and commercial entities.
  • Revised guidance from the Financial Action Task Force (FATF) on virtual assets and virtual asset service providers (VASPs) clarifies the application of FATF standards to virtual assets and VASPs. It also introduces new obligations and recommendations for PSAVs, such as the implementation of the travel rule, licensing and registration of PSAVs, and supervision and enforcement of PSAVs.

These regulatory changes could have significant implications for Ledger and other crypto wallets. They could require them to comply with new rules and standards, to obtain new licenses or registrations, to implement new systems and processes, and to face new supervisory and enforcement actions.

Societal changes

Societal changes could influence the perception and adoption of Ledger and cryptocurrencies, such as increased awareness and education, which could increase the trust and popularity of Ledger devices, or increased competition and innovation, which could challenge the position and performance of Ledger devices. For example, the EviSeed NFC HSM technology allows the creation of up to 100 cryptocurrency wallets on 5 different blockchains chosen freely by the user.

Technological alternatives

Technological alternatives are already available, such as EviCore NFC HSM, EviCore HSM OpenPGP, EviCore NFC HSM Browser Extension and the NFC HSM devices that work without contact, developed and manufactured by Freemindtronic in Andorra. These are new cyber security and safety technologies that use HSMs with or without NFC. They offer a wide range of security features to manage your cryptocurrencies and other digital assets. These technologies also offer the hardware management of complex and complicated passwords by EviPass NFC HSM, OTP (2FA) keys by EviOTP NFC HSM, Seed Phrases by EviSeed NFC HSM, and the creation of multiple cryptocurrency wallets on the same device.

Conclusion

Ledger, the French leader in cryptocurrency security, has faced several security breaches since 2017. As a result of these breaches, hackers could steal the private keys and funds of Ledger users. In response to these threats, Ledger reacted by publishing security updates, informing its users, and strengthening its protection measures. However, Ledger users must be vigilant and follow the recommendations of Ledger to protect themselves from these attacks. Despite these challenges, Ledger remains a reliable and secure device to manage cryptocurrencies, as long as the best practices of digital hygiene are respected. If you want to learn more about Ledger and its products, you can visit their official website or read their blog. Additionally, you can also check their security reports and their help center for more information.

TETRA Security Vulnerabilities: How to Protect Critical Infrastructures

TETRA Security Vulnerabilities secured by EviPass or EviCypher NFC HSM Technologies from Freemindtronic-Andorra
TETRA Security Vulnerabilities by Jacques Gascuel: This article will be updated with any new information on the topic.

TETRA Security Vulnerabilities

Tetra is a radio communication standard used by critical sectors worldwide. But it has five security flaws that could expose its encryption and authentication. How can you protect your Tetra system from hackers? Read this article TETRA Security Vulnerabilities to find out the best practices and tips.

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Digital Security Spying

Ivanti Zero-Day Flaws: Comprehensive Guide to Secure Your Systems Now

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

2024 Articles Digital Security EviPass Password

Human Limitations in Strong Passwords Creation

2024 Articles Digital Security EviKey NFC HSM EviPass News SSH

Terrapin attack: How to Protect Yourself from this New Threat to SSH Security

2024 Articles Digital Security News Phishing

Google OAuth2 security flaw: How to Protect Yourself from Hackers

TETRA Security Vulnerabilities: How to Protect Critical Infrastructures from Cyberattacks

TETRA (Terrestrial Trunked Radio) is a radio technology that is used worldwide for critical communications and data, especially in the sectors of security, energy, transport and defense. But this technology, which has been kept secret for more than 25 years, hides serious security vulnerabilities, including a backdoor that could allow devastating cyberattacks.

What is TETRA?

TETRA is a European radio standard that was developed in the 1990s to meet the needs of professional mobile services, such as police, firefighters, emergency services, military, prison staff, etc. TETRA allows to transmit data and voice encrypted on frequencies ranging from 380 to 470 MHz, with a range of several kilometers.

TETRA is used by more than 2000 networks in more than 150 countries, according to the TETRA and Critical Communications Association (TCCA), which brings together the manufacturers, operators and users of this technology. Among the main manufacturers of TETRA radios, we find Motorola Solutions, Hytera, Airbus, Sepura and Rohill.

TETRA offers several advantages over other radio technologies, such as:

  • better sound quality
  • greater transmission capacity
  • greater security thanks to encryption
  • greater flexibility thanks to the possibility of creating communication groups
  • greater interoperability thanks to the compatibility of equipment

Source french: TETRA digital mode & F4HXZ – Blog radioamateur

What are the vulnerabilities of TETRA?

Despite its strengths, TETRA also has weaknesses, which have been revealed by a group of Dutch researchers from Radboud University Nijmegen. These researchers conducted a thorough analysis of the TETRA standard and its encryption algorithms, which were until then kept secret by the manufacturers and authorities.

The researchers discovered two types of major vulnerabilities in TETRA:

  • A backdoor in the encryption algorithm TEA1, which is used in radios sold for sensitive equipment, such as pipelines, railways, power grid, public transport or freight trains. This backdoor allows an attacker to decrypt the communications and data transmitted by these radios, and possibly to modify or block them. The backdoor exists since the creation of the algorithm TEA1, in 1998, and cannot be corrected by a simple software update. The researchers managed to extract the secret key of the backdoor by analyzing the binary code of the radios.
  • A weakness in the encryption algorithm TEA2, which is used in radios intended for professional mobile services, such as police, firefighters, emergency services, military or prison staff. This weakness allows an attacker to reduce the number of possible keys to test to decrypt the communications and data transmitted by these radios. The researchers estimated that it would take about 10 minutes to find the right key with a standard computer. This weakness was corrected by the manufacturers in 2016, but the radios that have not been updated remain vulnerable.

To find the backdoor in the TEA1 algorithm, the researchers used a technique called “differential analysis”, which consists of comparing the outputs of the algorithm for slightly different inputs. By observing the differences, they were able to identify a part of the code that was not normally used, but that was activated by a special condition. This condition was the presence of a secret key of 64 bits, which was hidden in the binary code of the radios. By analyzing the code, they were able to extract the secret key and test it on encrypted communications with the TEA1 algorithm. They were thus able to confirm that the secret key allowed to decrypt the communications without knowing the normal key of 80 bits. The researchers published their official report and the source code of the TETRA encryption algorithms on their website.

Source: https://cs.ru.nl/~cmeijer/publications/All_cops_are_broadcasting_TETRA_under_scrutiny.pdf

What are the risks for critical infrastructures?

The vulnerabilities identified in TETRA represent a danger for the critical infrastructures that use this technology, because they could be exploited by cybercriminals, terrorists or spies to disrupt or damage these infrastructures.

For example, an attacker could:

  • listen to the communications and confidential data of the security or defense services
  • impersonate an operator or a manager to give false instructions or orders
  • modify or erase data or commands that control vital equipment, such as valves, switches, signals or brakes
  • cause failures, accidents, fires or explosions

These scenarios could have dramatic consequences on the security, health, economy or environment of the countries concerned.

How to protect yourself from cyberattacks on TETRA?

The users of TETRA must be aware of the vulnerabilities of this technology and take measures to protect themselves from potential cyberattacks. Among the recommendations of the researchers, we can mention:

  • check if the radios used are affected by the vulnerabilities and ask the manufacturers for correction solutions
  • avoid using the algorithm TEA1, which contains the backdoor, and prefer safer algorithms, such as TEA3 or TEA4
  • use encryption keys that are long and complex enough, and change them regularly
  • set up verification and authentication procedures for communications and data
  • monitor the radio traffic and detect anomalies or intrusion attempts
  • raise awareness and train staff on cybersecurity and good practices

TETRA digital mode: how to transfer data via TETRA

TETRA (Terrestrial Trunked Radio) is a digital and secure radio communication standard used by emergency services, law enforcement, public transport and industries. TETRA uses a π/4-DQPSK phase modulation and a TDMA time division multiplexing to transmit voice and data on a bandwidth of 25 KHz per transmission channel. Each channel is divided into four timeslots, one of which is reserved for signaling in trunked mode (TMO).

TETRA allows file transfer via radio in two ways: by the packet data service (PDS) or by the circuit data service (CDS).

The PDS uses the IP protocol to transmit data packets on one or more timeslots. It offers a maximum throughput of 28.8 kbit/s per timeslot, or 86.4 kbit/s for three timeslots. The PDS can be used to send small files, such as images, text messages or forms.

The CDS uses the LAPD protocol to transmit data by circuit on a dedicated timeslot. It offers a constant throughput of 4.8 kbit/s per timeslot, or 19.2 kbit/s for four timeslots. The CDS can be used to send large files, such as documents, videos or maps.

The choice of the data service depends on the type of file, the size of the file, the quality of the radio link, the cost and the availability of radio resources. The PDS offers more flexibility and performance, but it requires a good signal quality and it can be more expensive in terms of battery consumption and spectrum occupation. The CDS offers more reliability and simplicity, but it requires a prior allocation of a timeslot and it can be slower and less efficient.

Securing TETRA file transfers with Freemindtronic’s EviCypher technology

However, both data services are subject to the TETRA security vulnerabilities that we have discussed in the previous sections. These vulnerabilities could allow an attacker to intercept, modify or corrupt the files transferred via TETRA, or to prevent their transmission altogether. Therefore, the users of TETRA must ensure the integrity and the confidentiality of the files they send or receive, by using encryption, verification and authentication methods. Freemindtronic’s EviCypher technology can be a valuable solution for encrypting data with post-quantum AES-256 from an NFC HSM with your own randomly generated keys before transferring them via TETRA. This way, even if an attacker corrupts the data transmitted by TETRA, they will not be able to decrypt the data encrypted by a product embedding

How to secure file transfers via TETRA with Freemindtronic’s EviCypher technology

La technologie EviCypher de Freemindtronic peut être une solution précieuse pour chiffrer les données avec AES-256 post-quantique à partir d’un HSM NFC avec vos propres clés générées aléatoirement avant de les transférer via TETRA. Ainsi, même si un attaquant corrompt les données transmises par TETRA, il ne pourra pas décrypter les données cryptées par un produit embarquant la technologie EviCypher NFC HSM technology, such as DataShielder NFC HSM or DataSielder Defense NFC HSM. These products are portable and autonomous devices that allow you to secure the access to computer systems, applications or online services, using the NFC as a means of authentication and encryption.

The management of encryption keys for TETRA

To use encryption on the TETRA network, you need an encryption key, which is a secret code of 80 bits, or 10 bytes. This key must be shared between the radios that want to communicate securely, and must be protected against theft, loss or compromise.

There are several methods to save and enter encryption keys for TETRA, depending on the type of radio and the level of security required. Here are some examples:

  • The manual method: it consists of entering the encryption key using the keyboard of the radio, by typing the 10 bytes in hexadecimal form. This method is simple, but impractical and unsafe, because it requires to know the key by heart or to write it down on a support, which increases the risk of disclosure or error. For example, a 80-bit key could be 3A4F9C7B12E8D6F0.
  • The automatic method: it consists of using an external device, such as a computer or a smart card, which generates and transfers the encryption key to the radio by a cable or a wireless link. This method is faster and more reliable, but it requires to have a compatible and secure device, and to connect it to the radio at each key change.
  • The EviPass method: it consists of using the EviPass NFC HSM technology which allows to generate, store and manage keys and secrets in a secure and independent NFC HSM device. This method is the most innovative and secure, because it allows to create keys higher than 80 bits randomly in hexadecimal base 16, 58, 64 or 85, to store them in a physical device protected by an access code and a robust AES-256 post-quantum encryption algorithm, and to transfer them by various contactless means, via a computer. This method does not require to know or write down the key, which reduces the risk of disclosure or error. For example, a 10-byte key of 80 bits could be 3F 8A 6B 4C 9D 1E 7F 2A 5B 0C.

The EviPass NFC HSM technology of Freemindtronic allows to create secure gateways between the NFC devices and the computer systems, using advanced encryption protocols, such as AES, RSA or ECC. The EviPass NFC HSM technology is embedded in the PassCyber NFC HSM product, which is a portable and autonomous device that allows to secure the access to computer systems, applications or online or offligne services, using the NFC as a means of authentication.

Conclusion

TETRA is a radio technology that was designed to offer secure and reliable communication to professional mobile services and critical infrastructures. But this technology, which has been kept secret for decades, presents vulnerabilities that could be exploited by cyberattackers to compromise these communications and infrastructures. The users of TETRA must be vigilant and take measures to protect themselves from these threats, by updating their equipment, choosing robust encryption algorithms, using strong keys, verifying and authenticating data and monitoring radio traffic. The EviPass NFC HSM technology of Freemindtronic can be an effective solution to strengthen the security of keys and secrets used for verification and authentication, by storing them in a secure and independent NFC device. The researchers who revealed the vulnerabilities of TETRA hope that their work will contribute to improve the security of communications in critical domains.

FormBook Malware: How to Protect Your Gmail and Other Data

FormBook Malware: how to protect your gmail and other data
Protect your Gmail Account FormBook malware – Jacques Gascuel: This article will be updated with any new information on the topic.

Secure Your Gmail from FormBook Attacks

FormBook is a malware that can steal your Gmail credentials, messages, and attachments. Learn how to use the Freemindtronic devices to encrypt your Gmail data and use passwordless and 2FA.

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Digital Security Spying

Ivanti Zero-Day Flaws: Comprehensive Guide to Secure Your Systems Now

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

2024 Articles Digital Security EviPass Password

Human Limitations in Strong Passwords Creation

2024 Articles Digital Security EviKey NFC HSM EviPass News SSH

Terrapin attack: How to Protect Yourself from this New Threat to SSH Security

2024 Articles Digital Security News Phishing

Google OAuth2 security flaw: How to Protect Yourself from Hackers

How to Protect Your Gmail Account from FormBook Malware

Introduction

Imagine that you receive an email from your bank, asking you to confirm your identity by clicking on a link. You open the link, and you find yourself on a page that looks like your bank’s website, but it is actually a fake. You enter your credentials, and you think you are done. But in reality, you have just given access to your bank account to hackers, who will use it to steal your money, or worse. This is what FormBook can do, a malware that can steal your sensitive data, and that Google cannot stop. In this article, we will explain what FormBook is, how it works, and how to protect yourself from this malware.

What is FormBook and why is it a threat?

FormBook is a malware that can record your keystrokes, take screenshots, and steal your passwords, cookies, and clipboard data. It can also download and execute other malicious files on your device.

FormBook is distributed through phishing emails that contain malicious attachments. These attachments are usually disguised as invoices, receipts, or shipping confirmations. When you open them, they ask you to enable macros or content. If you do, the malware will be installed on your device.

FormBook can target any web browser, but it has a special feature for Chrome. It can inject a fake Gmail login page into your browser, and trick you into entering your credentials. The malware will then send your Gmail username and password to a remote server controlled by the hackers.

FormBook is a threat because it can compromise your Gmail account and access your personal and professional information. It can also use your Gmail account to send spam or phishing emails to your contacts, or to access other online services that are linked to your Gmail account, such as Google Drive, Google Photos, or Google Pay.

How to protect yourself from FormBook?

Google has not yet found a way to detect and block FormBook. Therefore, you need to be extra careful when you use Gmail and other online services. Here are some tips to protect yourself from FormBook and other malware:

  • Do not open or download attachments from unknown or suspicious senders. If you are not sure about the legitimacy of an email, contact the sender directly or check the official website of the company or organization.
  • Do not enable macros or content in any document unless you trust the source. Macros are small programs that can run malicious code on your device.
  • Use a strong and unique password for your Gmail account and other online accounts. Do not reuse the same password for different services. Change your password regularly and use a password manager to store and generate your passwords.
  • Enable two-factor authentication (2FA) for your Gmail account and other online accounts. 2FA adds an extra layer of security by requiring a code or a device confirmation in addition to your password.
  • Use a reputable antivirus software and keep it updated. Antivirus software can scan your device for malware and remove it. You can also use a browser extension that can block malicious websites and pop-ups.

How to encrypt your Gmail messages and attachments with DataShielder NFC HSM

DataShielder NFC HSM is a device that allows you to encrypt and decrypt your Gmail messages and attachments with your own encryption keys that you create and store offline. It uses the EviCypher NFC HSM technology, which is a contactless hardware security module (NFC HSM) that won the Gold Medal for International Inventions in Geneva on March 2021.

With DataShielder NFC HSM, you can encrypt and decrypt your data with AES-256 keys that are randomly generated and stored in the NFC HSM. You can store up to 100 keys and one pair of RSA-4096 keys in the NFC HSM. You can also use different keys for the message and the attachment.

To encrypt your Gmail message and attachment, you need to use the EviCrypt and EviFile applications that are embedded in the DataShielder NFC HSM. These applications allow you to encrypt and decrypt your data with a simple tap of your NFC phone on the DataShielder NFC HSM. You can also share your encrypted data with other users who have the same device and the same key.

By using DataShielder NFC HSM, you can protect your Gmail messages and attachments from FormBook or any other malware that can access your Gmail account. Even if your Gmail account is hacked, your encrypted data will remain encrypted and unreadable by the hackers. Only you and the authorized recipients can decrypt your data with the DataShielder NFC HSM.

How to protect your web Gmail account with passwordless and 2FA using PassCypher NFC HSM

Do you want to manage your web accounts with complicated and complex passwords that you do not need to know, remember, or type? If yes, then you should try PassCypher NFC HSM. This device uses the EviPass NFC HSM technology, which is a contactless hardware password manager that won the Silver Medal for International Inventions in Geneva on March 2021.

With PassCypher NFC HSM, you can create and store your usernames and passwords of more than 256-bit in the NFC HSM. Moreover, you can store your OTP TOTP or HOTP secret keys in the NFC HSM to generate the 2FA code for your web accounts. The NFC HSM can store up to 100 web accounts and one pair of RSA-4096 keys.

To use PassCypher NFC HSM, you need to install the Freemindtronic extension for your web browser based on Chromium or Firefox. This extension uses the EviCore NFC HSM Browser technology, which allows you to communicate with the NFC HSM via your NFC phone. You also need to use the EviPass and EviOTP applications that are embedded in the PassCypher NFC HSM. These applications allow you to create, edit, and delete your web accounts and OTP secret keys with a simple tap of your NFC phone on the PassCypher NFC HSM.

By using PassCypher NFC HSM, you can secure your web accounts with passwordless and 2FA. You do not need to display, know, or type your username and password. You just need to tap your NFC phone on the PassCypher NFC HSM and the extension will autofill and auto login your web account. You also do not need to check for a typosquatting attack, since the extension will verify the URL of the website before logging in. And you do not need to use another device or application to generate the 2FA code, since the PassCypher NFC HSM will do it for you.

How to protect your Gmail account from FormBook with PassCypher NFC HSM

FormBook is a dangerous malware that can access your Gmail account and other sensitive data. Google has not yet found a solution to stop it. Therefore, you need to be vigilant and follow the best practices to protect yourself from cyberattacks. One of them is to use PassCypher NFC HSM to secure your Gmail account with passwordless and 2FA.

By using PassCypher NFC HSM, you can protect your Gmail account from FormBook or any other malware that can access your web browser. Even if your web browser is hacked, your usernames and passwords will remain encrypted and inaccessible by the hackers. Only you can decrypt your Gmail account with the PassCypher NFC HSM. And even if the hackers manage to steal your session cookies, they will not be able to log in to your Gmail account without the 2FA code that is generated by the PassCypher NFC HSM.

To use PassCypher NFC HSM with your Gmail account, you need to follow these steps:

  • Create a Gmail account in the EviPass application on the PassCypher NFC HSM. You can use the default username and password, or you can generate a random and complex password with the EviPass application.
  • Enable 2FA for your Gmail account on the Google website.
  • Choose the option to use an authenticator app, and scan the QR code with the EviOTP application on the PassCypher NFC HSM. This will store your OTP secret key in the NFC HSM.
  • Log in to your Gmail account with the Freemindtronic extension on your web browser. Tap your NFC phone on the PassCypher NFC HSM and the extension will autofill and auto login your Gmail account. You will also see a pop-up window with the 2FA code that you need to enter on the Google website.

By following these steps, you can use PassCypher NFC HSM to secure your Gmail account with passwordless and 2FA. You can also use PassCypher NFC HSM with other web accounts that support 2FA, such as Facebook, Twitter, or Amazon. This way, you can protect yourself from FormBook and other malware that can access your web browser.

Recent statistics on FormBook

FormBook is a malware that was first discovered in 2016, but it remains very active and dangerous. According to the Check Point report on cybersecurity in 2022, FormBook was the third most widespread malware in 2021, attacking 5% of enterprise networks. It was also the most prolific infostealer malware, accounting for 16% of attacks worldwide.

FormBook spreads mainly through phishing emails that contain malicious attachments. These attachments are often RAR self-extracting archives, which are compressed files that can run malicious code when opened. The RAR files contain a legitimate document, such as a PDF or a Word file, and a hidden executable file, which is the FormBook malware. When the user opens the RAR file, the document is displayed, but the malware is also installed in the background.

FormBook can also spread through other methods, such as drive-by downloads, malicious links, or removable media. The malware can infect any Windows device, from Windows XP to Windows 10. The malware can also evade detection and removal by using various techniques, such as encryption, obfuscation, or anti-analysis.

Here are some recent statistics on FormBook, based on the data from Check Point and ANY.RUN:

  • FormBook was the most popular malware in August 2021, affecting 4.5% of organizations worldwide, followed by Trickbot and Agent Tesla, affecting respectively 4% and 3% of organizations worldwide.
  • FormBook was the fourth most common malware in 2020, according to the ranking of malware families by ANY.RUN. It accounted for 8% of the samples analyzed by the online sandboxing service.
  • FormBook was used in many phishing campaigns targeting various industries, such as defense, aerospace, health, education, finance, retail, etc. It was also used to attack Ukrainian targets during the war between Russia and Ukraine in 2022.
  • FormBook has a successor called XLoader, which appeared in 2020 and which is able to infect macOS users. XLoader is sold on the dark web for $59 for a Windows license and $49 for a macOS license.

Danger level of FormBook compared to other malware

FormBook is a very dangerous malware, because it can steal sensitive information, such as credentials, passwords, credit card numbers, 2FA codes, etc. It can also download and execute other malware, such as ransomware, banking trojans, spyware, etc. It can also remotely control the infected device and perform various malicious actions, such as deleting browser cookies, taking screenshots, restarting or shutting down the system, etc.

FormBook is also hard to detect and remove, because it uses advanced evasion techniques, such as code injection, string obfuscation, data encryption, anti-analysis, etc. It also changes frequently its name, path, and file extension, and uses random Windows registry keys to maintain its persistence.

To compare the danger level of FormBook with other known malware in its category, we can use the following criteria:

  • The number of organizations affected worldwide
  • The type and amount of information stolen
  • The ability to download and execute other malware
  • The ability to remotely control the infected device
  • The evasion techniques used
  • The ease of detection and removal

Here is a table that compares FormBook with other popular infostealer malware, such as Trickbot, Agent Tesla, LokiBot, and Raccoon:

Malware Number of organizations affected Type and amount of information stolen Ability to download and execute other malware Ability to remotely control the infected device Evasion techniques used Ease of detection and removal
FormBook 4.5% in August 2021 Credentials, passwords, credit card numbers, 2FA codes, screenshots, keystrokes, etc. Yes Yes Code injection, string obfuscation, data encryption, anti-analysis, etc. Hard
Trickbot 4% in August 2021 Credentials, passwords, banking information, personal data, etc. Yes Yes Code injection, string obfuscation, data encryption, anti-analysis, etc. Hard
Agent Tesla 3% in August 2021 Credentials, passwords, banking information, personal data, screenshots, keystrokes, etc. No Yes String obfuscation, data encryption, anti-analysis, etc. Medium
LokiBot 1.5% in August 2021 Credentials, passwords, banking information, personal data, etc. No Yes String obfuscation, data encryption, anti-analysis, etc. Medium
Raccoon 0.8% in August 2021 Credentials, passwords, banking information, personal data, etc. No Yes String obfuscation, data encryption, anti-analysis, etc. Medium

From this table, we can see that FormBook is the most dangerous infostealer malware, because it affects the most organizations, steals the most types of information, and can download and execute other malware. It is also the hardest to detect and remove, because it uses more evasion techniques than the other malware.

Forms of attacks of FormBook

FormBook can be delivered through different forms of attacks, depending on the delivery mechanism chosen by the malicious actor. Here are some forms of attacks of FormBook:

  • Phishing: FormBook can be sent by email as a malicious attachment, such as a Word, Excel, PDF, or ZIP or RAR file. The email can have a misleading subject, such as an invoice, a receipt, a contract, a job offer, etc. When the user opens the attachment, the malware runs and infects the device.
  • Exploitation of vulnerabilities: FormBook can exploit vulnerabilities in popular software, such as Microsoft Office, Windows, Adobe Reader, etc. For example, FormBook used the vulnerability CVE-2017-8570 in Microsoft Office to run malicious code from a RTF file. FormBook also used the vulnerability CVE-2021-40444 in Microsoft MSHTML to run malicious code from a CAB file.
  • Drive-by downloads: FormBook can be downloaded without the user’s knowledge when they visit a compromised or malicious website. The website can use a script or an exploit kit to trigger the download and execution of the malware on the user’s device.
  • Removable media: FormBook can be copied to removable media, such as USB drives, external hard drives, memory cards, etc. When the user connects the removable media to their device, the malware runs automatically and infects the device.
  • Social media: FormBook can be spread by messages or posts on social media, such as Facebook, Twitter, Instagram, etc. These messages or posts can contain links or images that redirect to malicious websites or infected files. When the user clicks on the link or image, the malware is downloaded and executed on their device.

Here is a type of formbook malware attacks image:

Type of Formbook MalwareAttacks

How PassCypher NFC HSM and DataShielder NFC HSM can protect you from FormBook attacks

PassCypher NFC HSM and DataShielder NFC HSM are two devices that use the EviPass NFC HSM technology from Freemindtronic, which is a contactless hardware password manager that won the Silver Medal for International Inventions in Geneva on March 2021. These devices can help you protect your web accounts and your Gmail messages and attachments from FormBook attacks, by using passwordless, 2FA, and encryption.

PassCypher NFC HSM can create and store your usernames and passwords of more than 256-bit in the NFC HSM. It can also store your OTP TOTP or HOTP secret keys in the NFC HSM to generate the 2FA code for your web accounts. The NFC HSM can store up to 100 web accounts and one pair of RSA-4096 keys.

DataShielder NFC HSM can encrypt and decrypt your Gmail messages and attachments with your own encryption keys that you create and store offline. It uses the EviCypher NFC HSM technology, which is a contactless hardware security module (NFC HSM) that won the Gold Medal for International Inventions in Geneva on March 2021. It can store up to 100 keys and one pair of RSA-4096 keys in the NFC HSM.

To use PassCypher NFC HSM and DataShielder NFC HSM, you need to install the Freemindtronic extension for your web browser based on Chromium or Firefox. This extension uses the EviCore NFC HSM Browser technology, which allows you to communicate with the NFC HSM via your NFC phone. You also need to use the EviPass, EviOTP, EviCrypt, and EviFile applications that are embedded in the PassCypher NFC HSM and DataShielder NFC HSM. These applications allow you to create, edit, delete, encrypt, and decrypt your web accounts, OTP secret keys, messages, and attachments with a simple tap of your NFC phone on the PassCypher NFC HSM or DataShielder NFC HSM.

By using PassCypher NFC HSM and DataShielder NFC HSM, you can secure your web accounts and your Gmail messages and attachments with passwordless, 2FA, and encryption. You do not need to display, know, or type your username, password, or encryption key. You just need to tap your NFC phone on the PassCypher NFC HSM or DataShielder NFC HSM and the extension will autofill, auto login, encrypt, or decrypt your web account, message, or attachment. You also do not need to use another device or application to generate the 2FA code, since the PassCypher NFC HSM will do it for you.

Here is a table that shows how PassCypher NFC HSM and DataShielder NFC HSM can protect you from different FormBook attack vectors, such as keylogger, password stealer, file transfer, screenshot, etc. I used a check mark or a cross mark to show visually what PassCypher NFC HSM and DataShielder NFC HSM protect.

 

FormBook PassCypher DataShielder
Keylogger ✔️ ✔️
Password stealer ✔️ ✔️
File transfer ✔️
Screenshot ✔️ ✔️
Remote control
Phishing ✔️ ✔️
Exploit kit
Drive-by download
Removable media ✔️
Social media

This table shows that PassCypher NFC HSM and DataShielder NFC HSM can protect your web accounts from FormBook’s keylogger, password stealer, and phishing, by using passwordless and 2FA. They can also protect your Gmail messages and attachments from FormBook’s file transfer and screenshot, by using encryption and decryption. DataShielder NFC HSM can also protect your data stored in computers or removable media, by using encryption and decryption. However, neither device can protect your device from FormBook’s remote control, exploit kit, drive-by download, or unsecured social media, which can compromise your system and your data. Therefore, you should also use an antivirus software and a firewall to prevent FormBook from accessing your device.

Are fingerprint systems really secure? How to protect your data and identity against BrutePrint

Fingerprint Systems Really Secure - How to Protect Your Data and Identity
Fingerprint Systems Really Secure by Jacques Gascuel: This article will be updated with any new information on the topic.

Fingerprint Security

You will surely be amazed by our discoveries! These systems verify your identity on smartphones and other devices by using the unique patterns of your finger. But is their security level? In this study, we explore the weaknesses of these systems and how various actors, from cybercriminals to sovereign entities, can exploit them. We looked at 25 techniques for corrupting fingerprint authentication systems. We will also introduce an effective dual-use defense solution: DataShielder HSM solutions to protect your secrets and sensitive data even if this biometric authentication system becomes compromised.

Fingerprint Biometrics: An In-Depth Exploration of Security Mechanisms and Vulnerabilities

It is a widely recognized biometric authentication system for identity verification. In this overview of fingerprint authentication systems, we will explore comprehensively to understand the complex world of fingerprint biometrics. Our goal is to provide a detailed exploration of these systems, their inner workings, vulnerabilities, and countermeasures.

Demystifying Fingerprint Systems: A Thorough Examination

Two fundamental components make up these systems: the fingerprint sensor and the comparison algorithm.:

The Fingerprint Sensor: Where Biometric Data Begins

These systems rely on an essential component: the fingerprint sensor. It captures the finger image and converts it into a digital format. Different types of sensors exist, each with their advantages and disadvantages:

  1. Optical sensors: They use light and a camera to create a high-resolution image.
  2. Capacitive sensors: They use an array of small capacitors to measure the differences in electrical charge between the ridges and valleys.
  3. Ultrasonic sensors: They use sound waves to create a three-dimensional image.
  4. Thermal sensors: They detect the heat emitted by the finger to generate an image.

The Comparison Algorithm: The Gatekeeper of Access

The comparison algorithm is a critical software component that analyzes the captured fingerprint image. Its role is vital:

  • Image Analysis: The algorithm scrutinizes the fingerprint image, extracting its unique features.
  • Template Comparison: It then compares these features to one or more stored templates, serving as reference fingerprints for authorized users.
  • Threshold Criteria: Access is granted if the algorithm determines a significant similarity between the captured image and a stored template, surpassing a predefined threshold. If not, the system considers the fingerprint invalid and denies access.

Fingerprint System Vulnerabilities and Attack Techniques

First, before evaluating attack techniques against fingerprinting systems, let’s explore different attack types, techniques, motivations, and strategies. In our thorough analysis of fingerprint system vulnerabilities, we must acknowledge numerous attack techniques employed by various actors. These techniques, driven by diverse motivations ranging from personal gain to malicious intent, illuminate the complexities of fingerprint system security. We’ve identified a total of twenty-five (25) distinct attack types, categorized into five groups in this study: “Electronic Devices for Biometric Attacks,” “Additional Fingerprint Attacks,” “Advanced Attacks,” “Attacks on Lock Patterns,” and “Attacks on Fingerprint Sensors.”

Attacks on Fingerprint Sensors

Fingerprint sensors, a common biometric authentication method, are vulnerable to several attack types and techniques update 23 february 2024:

ATTACK TYPE TECHNIQUE MOTIVATIONS STRATEGIES
Residual Fingerprint Attack Recovers the smartphone owner’s fingerprint left on surfaces, reproducing it. Identity theft, unauthorized access, or malicious purposes. Exploits traces of fingerprints on surfaces using materials like gelatin, silicone.
Code Injection Attack Injects malicious code to bypass fingerprint sensor security. Compromises device security for data theft or illicit activities. Exploits software vulnerabilities for unauthorized access to biometric data.
False Acceptance Attack The system accepts a fingerprint that doesn’t belong to the authorized user. Identity theft, unauthorized access, or malicious intentions. Can occur due to poor sensor quality, a high tolerance threshold, or similarity between different individuals’ fingerprints.
False Rejection Attack The system rejects a fingerprint that belongs to the authorized user. Identity theft, unauthorized access. Can occur due to poor sensor quality, a low tolerance threshold, environmental changes, or alterations to the user’s fingerprint.
Substitution Attack Tricks the system with an artificial fingerprint. Identity theft or unauthorized access. Can be done using materials like gelatin, silicone, latex, or wax.
Modification Attack Tricks the system with a modified fingerprint. Identity theft or to conceal the user’s identity. Can be done using techniques like gluing, cutting, scraping, or burning.
Impersonation Attack Tricks the system with another user’s fingerprint, either with their consent or by force. Identity theft using force, threats, bribery, or seduction. Uses the fingerprint of another user who has given consent or has been coerced into doing so.
Adversarial Generation Attack Tricks the system with images of fingerprints generated by an adversarial generative adversarial network (GAN). Bypasses liveness detection methods based on deep learning. Mimics the appearance of real fingerprints.
Acoustic Analysis Attack Tricks the system by listening to the sounds emitted by the fingerprint sensor during fingerprint capture. Can reconstruct the fingerprint image from acoustic signals. Use noise cancellation techniques, encrypt acoustic signals, or use liveness detection methods
Partial Print Attack Tricks the system with a partial fingerprint from the registered fingerprint. Increases the false acceptance rate by exploiting the similarity between partial prints of different users. Can use a portion of the registered fingerprint.
Privilege Escalation Attack Exploits vulnerabilities in the operating system or application to obtain higher privileges than those granted by fingerprint authentication Can access sensitive data, manipulate system files, perform unauthorized actions, or bypass security measures Use strong passwords, enforce multi-factor authentication, limit user privileges, patch system vulnerabilities, monitor user activities, and audit logs
Spoofing Attack Imitates a legitimate fingerprint or identity to deceive the system or the user Can gain access, steal information, spread malware, or impersonate someone. Use liveness detection methods, verify the authenticity, avoid trusting unknown sources, and report spoofing attempts
PrintListener: Side-channel Attack Utilizes acoustic signals from finger friction on touchscreens to replicate fingerprints Gain unauthorized access to devices and services protected by fingerprint authentication Implement noise interference, use advanced fingerprint sensors resistant to acoustic analysis, enable multifactor authentication, regularly update security protocols

For more information on new attack type “PrintListener” (a specific acoustic analysis attack), readers are encouraged to explore the detailed article at https://freemindtronic.com/printlistener-technology-fingerprints/.
These attacks expose vulnerabilities in fingerprint sensor technology and underline the need for robust security measures.

Attacks on Lock Patterns (For Lock Screen Authentication)

Lock patterns, often used on mobile devices for screen unlocking, are susceptible to various attack techniques:

ATTACK TYPE TECHNIQUE MOTIVATIONS STRATEGIES
Brute Force Attack Attempts all possible lock pattern combinations. Gains unauthorized device access. Systematically tests different pattern combinations.
Replica Fingerprint Attack Uses a 3D printer to create a replica fingerprint. Unauthorized access or identity theft. Produces a replica for sensor authentication.
Sensor Vulnerabilities Exploits sensor technology vulnerabilities. Compromises device security for malicious purposes. Identifies and exploits sensor technology weaknesses.
BrutePrint Attack Intercepts messages, emulating the fingerprint sensor. Gains unauthorized access, often with hardware components. Exploits communication protocol vulnerabilities.

These attacks target the vulnerabilities in lock pattern authentication and underscore the importance of strong security practices.

Advanced Attacks

Advanced attacks employ sophisticated techniques and technologies to compromise fingerprint systems:

ATTACK TYPE TECHNIQUE MOTIVATIONS STRATEGIES
Presentation Attack Presents manipulated images or counterfeit fingerprints. Espionage, identity theft, or malicious purposes. Crafts counterfeit fingerprints or images to deceive sensors.
Rapid Identification Attack Uses advanced algorithms to swiftly identify fingerprints. Corporate espionage, financial gain, or enhanced security. Quickly identifies fingerprints from extensive datasets.
Digital Footprint Attack Collects and analyzes the online data and activity of the target, using open source intelligence tools or data brokers Can obtain personal information, preferences, habits, or vulnerabilities of the target. Use privacy settings, delete unwanted data, avoid oversharing, and monitor online reputation

These advanced attacks leverage technology and data to compromise fingerprint-based security.

Network-Based Attacks

Network-based attacks are those that target the communication or data transmission between the device and the fingerprint authentication system. These attacks can compromise the integrity, confidentiality, or availability of the biometric data or the user session. In this section, we will discuss four types of network-based attacks: phishing, session hijacking, privilege escalation, and spyware.

ATTACK TYPE TECHNIQUE MOTIVATIONS STRATEGIES
Phishing Attack Technique: Phishing attacks involve sending fraudulent messages to victims, enticing them to click on a link or download an attachment. These malicious payloads may contain code designed to steal their fingerprints or redirect them to a fake website requesting authentication. Motivations: Phishing attacks are motivated by the desire to deceive and manipulate users into revealing their fingerprint data or login credentials. Strategies: Phishing attackers employ various tactics, such as crafting convincing emails, spoofing legitimate websites, and using social engineering to trick users.
Session Hijacking Attack Technique: Session hijacking attacks aim to intercept or impersonate an authenticated user’s session, exploiting communication protocol vulnerabilities or using spyware. Motivations: Session hijacking is typically carried out to gain unauthorized access to sensitive information or systems, often for financial gain or espionage. Strategies: Attackers employ packet sniffing, session token theft, or malware like spyware to compromise and take control of active user sessions.
Spyware Attack Technique: Spyware attacks infect the device with spyware to capture fingerprint data. Motivations: Spyware attacks are driven by the objective of illicitly obtaining biometric data for malicious purposes, such as identity theft or unauthorized access. Strategies: Attackers use spyware to secretly record and transmit fingerprint information, often through backdoors or covert channels, without the victim’s knowledge.
Predator Files Infects Android phones with a spyware application that can access their data, including fingerprint information. Sold to multiple governments for targeting political opponents, journalists, activists, and human rights defenders in over 50 countries. Use spyware detection and removal tools, update system software, avoid downloading untrusted applications, and scan devices regularly

As we can see from the table above, network-based attacks pose a serious threat to fingerprint authentication systems and users’ privacy and security. Therefore, it is essential to implement effective countermeasures and best practices to prevent or mitigate these attacks. In the next section, we will explore another category of attacks: physical attacks.

Electronic Devices for Biometric Attacks

Some electronic devices are designed to target and compromise fingerprint authentication systems. Here are some notable examples:

Device Description Usage STRATEGIES
Cellebrite UFED A portable device capable of extracting, decrypting, and analyzing data from mobile phones, including fingerprint data. Used by law enforcement agencies worldwide. Used by law enforcement agencies to access digital evidence on mobile phones. Applies substances to damage or obscure sensor surfaces.
GrayKey A black box device designed to unlock iPhones protected by passcodes or fingerprints using a “brute force” technique. Sold to law enforcement and government agencies for investigative purposes. Sold to law enforcement and government agencies for investigative purposes to unlock iPhones. Use strong passwords, enable encryption, disable USB access, and update system software.
Chemical Attacks Alters or erases fingerprints on sensors. Prevents identification or creates false identities. Use fingerprint enhancement techniques, verify the authenticity, and use liveness detection methods

These devices pose a high risk to biometric systems because they can allow malicious actors to access sensitive information or bypass security measures. They are moderate to high in ease of execution because they require physical access to the target devices and the use of costly or scarce devices. Their historical success is variable because it depends on the quality of the devices and the security of the biometric systems. They are currently relevant because they are used by various actors, such as government agencies, law enforcement, or hackers, to access biometric data stored on mobile phones or other devices. This comprehensive overview of attack types, techniques, motivations, and strategies is crucial for improving biometric authentication system security.

BrutePrint: A Novel Attack on Fingerprint Systems on Phones

Fingerprint systems on phones are not only vulnerable to spoofing or data breach attacks; they are also exposed to a novel attack called BrutePrint. This attack exploits two zero-day vulnerabilities in the smartphone fingerprint authentication (SFA) framework. BrutePrint allows attackers to bypass the attempt limit and liveness detection mechanisms of fingerprint systems on phones. It also enables them to perform unlimited brute force attacks until finding a matching fingerprint.

How BrutePrint Works

Fingerprint Systems Really Secure : BrutePrint

BrutePrint works by hijacking the fingerprint images captured by the sensor. It applies neural style transfer (NST) to generate valid brute-forcing inputs from arbitrary fingerprint images. BrutePrint also exploits two vulnerabilities in the SFA framework:

  • Cancel-After-Match-Fail (CAMF): this vulnerability allows attackers to cancel the authentication process after a failed attempt. It prevents the system from counting the failed attempts and locking the device.
  • Match-After-Lock (MAL): this vulnerability allows attackers to infer the authentication results even when the device is in “lock mode”. It guides the brute force attack.To perform a BrutePrint attack, attackers need physical access to the phone, a database of fingerprints, and a custom-made circuit board that costs about 15 dollars. The circuit board acts as a middleman between the sensor and the application. It intercepts and manipulates the fingerprint images.

How to Prevent BrutePrint

BrutePrint is a serious threat to phone users who rely on fingerprint systems to protect their devices and data. It shows that fingerprint systems on phones are not as secure as they seem. They need more robust protection mechanisms against brute force attacks. Some of the possible ways to prevent BrutePrint are:

  • Updating the phone’s software: this can help fix the vulnerabilities exploited by BrutePrint and improve the security of the SFA framework.
  • Using multifactor authentication: this can increase the level of security and reduce the risks of spoofing or brute force attacks. It combines fingerprint authentication with another factor, such as a password, a PIN code, a pattern lock screen ,or other trust criteria that allows patented segmented key authentication technology developed by Freemindtronic in Andorra .
  • Use of DataShielder HSM solutions: these are solutions developed by Freemindtronic in Andorra that allow you to create HSM (Hardware Security Module) on any device, without a server or database, to encrypt any type of data. DataShielder HSM solutions also include EviSign technology, which enables advanced electronic signing of documents. DataShielder HSM solutions are notably available in Defense versions, which offer a high level of protection for civil and/or military applications.

Assessing Attack Techniques: Ease of Execution and Current Relevance

In our pursuit of understanding fingerprint system vulnerabilities, it is crucial to assess not only the types and forms of attacks but also their practicality and current relevance. This section provides an in-depth evaluation of each attack technique, considering factors such as the ease of execution, historical success rates, and their present-day applicability.

Attack Techniques Overview

Let’s analyze the spectrum of attack techniques, considering their potential danger, execution simplicity, historical performance, and present-day relevance.

Attack Type Level of Danger Ease of Execution Historical Success Current Relevance
Residual Fingerprint Attack Medium Moderate Variable Ongoing
Code Injection Attack High Moderate Variable Still Relevant
Acoustic Analysis Attack Medium Low Fluctuating Ongoing Concerns
Brute Force Attack High Low Variable Contemporary
Replica Fingerprint Attack Medium Moderate Fluctuating Still Relevant
Sensor Vulnerabilities High Moderate Variable Ongoing Significance
BrutePrint Attack High High Variable Continues to Pose Concerns
Presentation Attack High Moderate Diverse Still Pertinent
Rapid Identification Attack High Low Variable Ongoing Relevance
Digital Footprint Attack High Low Fluctuating Currently Pertinent
Chemical Attacks High Low Variable Ongoing Relevance
Phishing Attack High Moderate Variable Modern Threat
Session Hijacking Attack High Low Variable Ongoing Relevance
Privilege Escalation Attack High Low Variable Remains Significant
Adversarial Generation Attack High Moderate Variable Still in Use
Acoustic Analysis Attack (Revisited) Medium Low Fluctuating Ongoing Concerns
Partial Print Attack Medium Low Variable Currently Relevant
Electronic Devices for Biometric Attacks High Moderate to High Variable Currently Relevant
PrintListener (Specific Acoustic Analysis Attack) High Moderate Emerging Highly Relevant

Understanding the Evaluation:

  • Level of Danger categorizes potential harm as Low, Moderate, or High.
  • Ease of Execution is categorized as Low, Medium, or High.
  • Historical Success highlights fluctuating effectiveness.
  • Current Relevance signifies ongoing concerns in contemporary security landscapes.

By assessing these attack techniques meticulously, we can gauge their practicality, historical significance, and continued relevance.

The type of attack by electronic devices for biometric systems is very dangerous because it can allow malicious actors to access sensitive information or bypass the protections of biometric systems. Its ease of execution is moderate to high, as it requires physical access to target devices and the use of expensive or difficult-to-obtain devices. Its historical success is variable because it depends on the quality of the devices used and the security measures implemented by the biometric systems. It is currently relevant because it is used by government agencies, law enforcement or hackers to access biometric data stored on mobile phones or other devices.

Statistical Insights into Fingerprint Systems

Fingerprint systems have found wide-ranging applications, from law enforcement and border control to banking, healthcare, and education. They are equally popular among consumers who use them to unlock devices or access online services. However, questions linger regarding their reliability and security. Let’s delve into some pertinent statistics:

According to Acuity Market Intelligence, 2018 saw more than 1.5 billion smartphones equipped with fingerprint sensors, constituting 60% of the global market.

The IAFIS Annual Report of 2020 revealed that more than 1.3 billion fingerprint records were stored in national and international databases in 2019.

According to the National Institute of Standards and Technology (NIST), the average false acceptance rate of fingerprint systems in 2018 was 0.08%, marking an 86% decrease compared to 2013.

These statistics shed light on the widespread adoption of fingerprint systems and their improved accuracy over time. Nevertheless, they also underline that these systems, while valuable, are not without their imperfections and can still be susceptible to errors or manipulation.

Real-World Cases of Fingerprint System Corruption: Phone Cases

Fingerprint system corruption can also affect phone users, who rely on fingerprint sensors to unlock their devices or access online services. However, these sensors are not foolproof and can be bypassed or exploited by skilled adversaries. These attacks can result in device theft, data breaches, or other security issues.

Here are some examples of fingerprint system corruption that involve phones:

  • German hacker Jan Krissler, alias Starbug, remarkably unlocked the smartphone of the German Defense Minister Ursula von der Leyen in 2014 using a high-resolution photo of her thumb taken during a press conference. He employed image processing software to enhance the photo’s quality and created a counterfeit fingerprint printed on paper.
  • A terrorist attack at the Istanbul airport killed 45 people and injured more than 200 in 2016. The investigators found that the three suicide bombers used fake fingerprints to enter Turkey and avoid security checks. They copied the fingerprints of other people from stolen or forged documents.
  • Researchers from Tencent Labs and Zhejiang University discovered in 2020 that they could bypass a fingerprint lock on Android smartphones using a brute force attack, that is when a large number of attempts are made to discover a password, code or any other form of security protection.
  • Experts from Cisco Talos created fake fingerprints capable of fooling the sensors of smartphones, tablets and laptops as well as smart locks in 2020, but it took them a lot of effort.
  • A case of identity theft was discovered in France in 2021, involving the use of fake fingerprints to obtain identity cards and driving licenses. The suspects used silicone molds to reproduce the fingerprints of real people, and then glued them on their fingers to fool the biometric sensors.
  • Researchers from the University of Buffalo developed a method in 2021 to create artificial fingerprints from images of fingers. These fingerprints can fool the sensors of smartphones, but also more advanced biometric systems, such as those used by police or airports.
  • A report by Kaspersky revealed in 2021 that banking apps on smartphones are vulnerable to attacks by falsified fingerprints. Attackers can use malware to intercept biometric data from users and use them to access their accounts.

These cases highlight the significant threats posed by fingerprint system corruption to phone users. Therefore, it is important to protect these systems against external and internal threats while integrating advanced technologies to enhance security and reliability.

DataShielder HSM: A Counter-Espionage Solution for Fingerprint System Security

You have learned in the previous sections that fingerprint systems are not foolproof. They can be corrupted by attacks that expose your secrets and sensitive data. To prevent malicious actors from capturing them, you need an effective and reliable encryption solution, even if your phone is compromised.

Freemindtronic, the leader in NFC HSM technologies, designed, developed, published and manufactured DataShielder HSM in Andorra. It is a range of solutions that you need. You can use either EviCore NFC HSM or EviCore HSM OpenPGP technology with DataShielder HSM. It lets you encrypt your data with segmented keys that you generate randomly yourself. The key segments are securely encrypted and stored in different locations. To access your secrets and your sensitive data encrypted in AES 256 quantum, you need to bring all segments together for authentication.

DataShielder HSM has two versions: DataShielder NFC HSM for civil and military use, and DataShielder NFC HSM Defense for sovereign use. DataShielder NFC HSM Defense integrates two technologies: EviCore NFC HSM and EviCore HSM OpenPGP. They allow you to create a hardware security module (HSM) without contact on any medium, without server, without database, totally anonymous, untraceable and undetectable.

DataShielder HSM is a user-friendly and compatible solution with all types of phone, with or without NFC, Android or Apple. It can be used for various purposes, such as securing messaging services, encrypting files or emails, signing documents or transactions, or generating robust passwords.

DataShielder HSM is a counter-espionage solution that enhances the security of fingerprint systems. It protects your data and secrets from unauthorized access, even if your fingerprint is compromised.

Current Trends and Developments in Fingerprint Biometrics

Fingerprint biometrics is a constantly evolving field. It seeks to improve the performance, reliability and security of existing systems. But it also develops new technologies and applications. Here are some current or expected trends and developments in this field.

  • Multimodality: it consists of combining several biometric modalities (fingerprint, face, iris, voice, etc.) to increase the level of security and reduce the risks of error or fraud. For example, some smartphones already offer authentication by fingerprint and facial recognition.
  • Contactless biometrics: it consists of capturing fingerprints without the need to touch a sensor. This technique avoids the problems related to the quality or contamination of fingerprints. And it improves the comfort and hygiene of users. For example, some airports already use contactless scanners to verify the identity of travelers.
  • Behavioral biometrics: it consists of analyzing the behavior of users when they interact with a biometric system. For instance, the way they place their finger on the sensor or the pressure they exert. This technique adds a dynamic factor to identification. And it detects attempts of impersonation or coercion. For example, some banking systems already use behavioral biometrics to reinforce the security of transactions.

Standards and Regulations for Fingerprint Systems

The use of fingerprint systems is subject to standards and regulations. They aim to ensure the quality, compatibility and security of biometric data. These standards and regulations can be established by international, national or sectoral organizations. Here are some examples of standards and regulations applicable to fingerprint systems.

  • The ISO/IEC 19794-2 standard: it defines the format of fingerprint data. It allows to store, exchange and compare fingerprints between different biometric systems. It specifies the technical characteristics, parameters and procedures to be respected to ensure the interoperability of systems.
  • The (EU) 2019/1157 regulation: it concerns the strengthening of the security of identity cards and residence permits issued to citizens of the European Union and their relatives. It provides for the mandatory introduction of two fingerprints in a digital medium integrated into the card. It aims to prevent document fraud and identity theft.
  • The Data Protection Act: it regulates the collection, processing and storage of personal data, including biometric data. It imposes on data controllers to respect the principles of lawfulness, fairness, proportionality, security and limited duration of data. It guarantees to data subjects a right of access, rectification and opposition to their data.

Examples of Good Practices for Fingerprint System Security

Fingerprint systems offer a convenient and effective way to authenticate people. But they are not without risks. It is important to adopt good practices to strengthen the security of fingerprint systems and protect the rights and freedoms of users. Here are some examples of good practices to follow by end users, businesses and governments.

  • For end users: it is recommended not to disclose their fingerprints to third parties, not to use the same finger for different biometric systems, and to check regularly the state of their fingerprints (cuts, burns, etc.) that may affect recognition. It is also advisable to combine fingerprint authentication with another factor, such as a password or a PIN or other trust criteria that allows the patented segmented key authentication technology developed by Freemindtronic in Andorra.
  • For businesses: it is necessary to comply with the applicable regulation on the protection of personal data, and to inform employees or customers about the use and purposes of fingerprint systems. It is also essential to secure biometric data against theft, loss or corruption, by using encryption, pseudonymization or anonymization techniques.
  • For governments: it is essential to define a clear and consistent legal framework on the use of fingerprint systems, taking into account ethical principles, fundamental rights and national security needs. It is also important to promote international cooperation and information exchange between competent authorities, in compliance with existing standards and conventions.

Responses to Attacks

Fingerprint systems can be victims of attacks aimed at bypassing or compromising their operation. These attacks can have serious consequences on the security of people, property or information. It is essential to know how to react in case of successful attack against a fingerprint system. Here are some recommendations to follow in case of incident.

  • Detecting the attack: it consists of identifying the type, origin and extent of the attack, using monitoring, auditing or forensic analysis tools. It is also necessary to assess the potential or actual impact of the attack on the security of the system and users.
  • Containing the attack: it consists of isolating the affected system or the source of the attack, by cutting off network access, disabling the biometric sensor or blocking the user account. It is also necessary to preserve any evidence that may facilitate investigation.
  • Notifying the attack: it consists of informing competent authorities, partners or users concerned by the attack, in compliance with legal and contractual obligations. It is also necessary to communicate on the nature, causes and consequences of the attack, as well as on the measures taken to remedy it.
  • Repairing the attack: it consists of restoring the normal functioning of the fingerprint system, by eliminating the traces of the attack, resetting the settings or replacing the damaged components. It is also necessary to revoke or renew the compromised biometric data, and verify the integrity and security of the system.
  • Preventing the attack: it consists of strengthening the security of the fingerprint system, by applying updates, correcting vulnerabilities or adding layers of protection. It is also necessary to train and raise awareness among users about good practices and risks related to fingerprint systems.

Next Steps for Fingerprint Biometrics Industry

Fingerprint biometrics is a booming field, which offers many opportunities and challenges for industry, society and security. Here are some avenues for reflection on the next steps for this field.

  • Research and development: it consists of continuing efforts to improve the performance, reliability and security of fingerprint systems, but also to explore new applications and technologies. For example, some researchers are working on artificial fingerprints generated by artificial intelligence, which could be used to protect or test biometric systems.
  • Future investments: it consists of supporting the development and deployment of fingerprint systems, by mobilizing financial, human and material resources. For example, according to a market study, the global market for fingerprint systems is expected to reach 8.5 billion dollars in 2025, with an average annual growth rate of 15.66%.
  • Expected innovations: it consists of anticipating the needs and expectations of users, customers and regulators, by offering innovative and adapted solutions. For example, some actors in the sector envisage creating fingerprint systems integrated into human skin, which could offer permanent and inviolable identification.

Conclusion

Fingerprint systems are a convenient and fast way to authenticate users, based on their unique fingerprint patterns. They have many applications in device protection and online service access. However, these systems are not immune to attacks by skilled adversaries, who can manipulate and exploit them. These attacks can lead to unauthorized access, data breaches, and other security issues.

To prevent these threats, users need to be vigilant and enhance security with additional factors, such as PINs, passwords, or patterns. Moreover, regular system updates are crucial to fix emerging vulnerabilities.

Fingerprint systems are still a valuable and common form of authentication. But users must understand their weaknesses and take steps to strengthen system integrity and data protection. One of the possible steps is to use DataShielder HSM solutions, developed by Freemindtronic in Andorra. These solutions allow creating HSM (Hardware Security Module) on any device, without server or database, to encrypt and sign any data. DataShielder HSM solutions also include EviSign technology, which allows electronically signing documents with a legally recognized value. DataShielder HSM solutions are available in different versions, including Defense versions, which offer a high level of protection for civil and military applications.

Predator Files: The Spyware Scandal That Shook the World

Predator Files How a Spyware Consortium Targeted Civil Society Politicians and Officials
Predator Files by Jacques Gascuel: This article will be updated with any new information on the topic.

Predator Files: The Spyware Scandal That Shook the World

Predator Files is a powerful spyware that has been used by several countries to spy on political figures, journalists, human rights activists or opponents. How does it work, who has been spied on, what are the consequences, and how much does it cost? Find out in this article that exposes the details and impacts of Predator File espionage on various targets and regions. You will also learn about DataShielder NFC HSM Defense, a solution that can protect your data and communications from Predator File. Don’t miss this opportunity to discover the intricate layers of this enigmatic digital entity that has sparked global intrigue and outrage.

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Digital Security Spying

Ivanti Zero-Day Flaws: Comprehensive Guide to Secure Your Systems Now

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

2024 Articles Digital Security EviPass Password

Human Limitations in Strong Passwords Creation

2024 Articles Digital Security EviKey NFC HSM EviPass News SSH

Terrapin attack: How to Protect Yourself from this New Threat to SSH Security

2024 Articles Digital Security News Phishing

Google OAuth2 security flaw: How to Protect Yourself from Hackers

Predator Files: How a Spyware Consortium Targeted Civil Society, Politicians and Officials

Cytrox: The maker of Predator File

Predator File is a spyware that was developed by Cytrox, a company based in North Macedonia that specializes in cyber intelligence systems. Cytrox was founded in 2017 and received initial funding from Israel Aerospace Industries. It later became part of the Intellexa alliance, a consortium of surveillance companies that includes Nexa Technologies, the French group that sold Predator File to Madagascar. Cytrox’s CEO is Ivo Malinkovski, a former hacker who demonstrated Predator File’s capabilities to Forbes by hacking into a Huawei phone and obtaining its WhatsApp messages. Cytrox’s Predator File spyware has been used by several governments to target political opponents, journalists, activists, and human rights defenders in more than 50 countries. In 2023, the U.S. Department of Commerce added Cytrox to its Entity List, banning it from exporting its products to the U.S. or buying U.S. technology without a license. Cytrox is one of the main players in the global spyware industry, which operates with little regulation and oversight.
Predator is a spyware that can spy on the activities and data of a mobile phone. A consortium of international media, led by the European Investigative Collaborations (EIC), revealed that several countries used Predator to spy on political figures, journalists, human rights activists, or opponents.

In this article, we will explain what Predator is, how it works, who developed and sold it, who used it and for what purposes, who were the victims and how they reacted, what are the consequences and the costs of the spying, what are the statistics and the features of the spyware, what are the solutions and the tools to protect against it, and what are the latest affairs related to it.

What is Predator Files?

Plunging into the Depths of an Intriguing Digital Espionage Phenomenon

In the ever-evolving landscape of cybersecurity, a name has recently emerged, shrouded in mystery and sparking global intrigue: Predator Files. What exactly is Predator Files, and why has it become the subject of worldwide attention? Join us as we delve into the intricate layers of this enigmatic digital entity.

The Intricate Spyware: Predator Files

Predator Files transcends the realm of ordinary software. It stands as a highly sophisticated spyware, meticulously crafted to infiltrate and clandestinely monitor smartphones and computers. What sets it apart? Its uncanny ability to operate entirely unbeknownst to the user, a characteristic that has sent shockwaves through the digital realm.

Unveiling Its Intrusive Capabilities

Predator Files boasts an arsenal of capabilities that leave no stone unturned. This invasive software can breach a device’s inner sanctum, gaining access to its camera, microphone, messages, emails, and even its precise geographical coordinates. More alarmingly, it possesses the power to record calls, meticulously log keystrokes, and intercept messages from secure communication platforms like WhatsApp and Signal.

Origins and Distributors

The origins of Predator Files add an extra layer of intrigue. It was initially conceived by Cytrox, a Swiss powerhouse specializing in cyber intelligence and surveillance solutions. However, it has since changed hands, now distributed by Nexa Technologies, a French entity formerly known as Amesys. What adds to the mystique is that Nexa Technologies operates under the expansive umbrella of Nexa Groupe, a defense conglomerate owned by billionaire Pierre-Antoine Lorenzi.

A Global Controversy

Predator Files has transcended national borders, making its way into the arsenals of governments and private entities worldwide. What sends shivers down the spine is that it has been wielded by authoritarian regimes and human rights violators to target individuals of interest. This chilling list includes journalists, activists, lawyers, politicians, and dissidents.

Operating in the Shadows

Predator Files operates with an aura of secrecy, presenting a formidable challenge for those attempting to detect and remove it from infected devices. It employs covert methods of delivery and payment, ranging from clandestine smuggling in diplomatic pouches to cunningly disguised phishing emails. Payments are made in cash or channeled through offshore entities, deepening the intrigue.

Predator Files vs. Pegasus

Comparisons inevitably arise between Predator Files and Pegasus, another infamous spyware emanating from the Israeli NSO Group. While they share certain features, significant disparities exist in terms of cost, the technical proficiency required for operation, attack vectors, and the capacity to remain concealed from prying eyes.

Moral and Legal Quandaries

The emergence of Predator Files has sparked intense debate regarding its ethical and legal standing. Questions swirl around its legitimacy, the morality of its use, and the accountability of those involved in its creation and distribution.

Confronting the Predatory Spyware

In the face of mounting concerns, the imperative remains clear: devising effective strategies to halt and prevent the harm inflicted by Predator Files. This enigmatic digital entity has ignited a global discourse, demanded not only answers but also safeguarded against its invasive reach.

An In-Depth Investigation

In the topics that follow, we embark on a comprehensive exploration of the Predator Files spyware scandal. Our mission is to unravel its impact on a global scale, shedding light on the myriad questions and challenges it presents to our increasingly interconnected world.

Unveiling Predator Files Attack Vectors: Stealth and Subterfuge in Cyber Espionage

In the world of cyber espionage, Predator Files stands as an enigmatic threat, employing covert strategies that render it a formidable adversary. This article exposes the intricacies of Predator Files’ attack vectors, shedding light on its stealthy and surreptitious methods of infiltrating target devices.

Email: The Trojan Horse

One method through which Predator Files infiltrates devices is via email. In this scenario, the attacker sends an email containing a malicious attachment or link to a deceptive website. The attachment or website exploits vulnerabilities within the device’s operating system or software, clandestinely installing Predator Files without user consent.

Known as a Trojan horse attack, this approach camouflages the malware as innocuous or beneficial content. Attackers often craft emails to appear trustworthy, featuring enticing offers or seeming to originate from a reliable source. Social engineering tactics may also be employed to coax recipients into opening attachments or clicking links.

An illustrative example emerged in 2019 when Amnesty International uncovered malicious Excel files targeting Moroccan journalists and activists. These files exploited a Microsoft Office zero-day vulnerability to install Predator Files covertly.

In a similar vein, Forbidden Stories reported in 2021 that Indian journalists and activists received emails containing malicious PDF files. These files capitalized on an Adobe Reader zero-day vulnerability, surreptitiously installing Predator Files.

SMS Intrigue: Texts That Betray

Predator Files also leverages SMS as a means of infection. Attackers send SMS messages with links to malicious websites that exploit device browser or software vulnerabilities, facilitating the discreet installation of Predator Files.

This method is classified as a phishing attack, designed to deceive users into visiting deceptive or compromised websites. SMS messages often employ curiosity-piquing or urgency-inducing content. Spoofing techniques may be used to make the SMS appear genuine.

Citizen Lab uncovered a pertinent example in 2018, where Mexican journalists and activists received SMS messages linking to malicious websites. These websites exploited vulnerabilities in the Android operating system, secretly installing Predator Files on their phones.

Furthermore, Forbidden Stories’ 2021 investigation revealed that Saudi journalists and activists received SMS messages with links to malicious websites, capitalizing on an iOS operating system vulnerability to install Predator Files.

Web of Deceit: Navigating Vulnerabilities

Another avenue of infection is through the web. Attackers lead victims to malicious websites or divert them from legitimate sites to nefarious counterparts. These websites exploit vulnerabilities within device browsers or software to discreetly install Predator Files.

Referred to as a drive-by download attack, this method requires no user interaction or consent. Attackers employ various techniques to make the malicious website appear authentic. Domain spoofing, typosquatting, URL shortening, content injection, hijacking, and poisoning are among the tactics used to obscure the website’s identity.

Amnesty International’s 2019 discovery disclosed that Rwandan journalists and activists visited malicious websites exploiting Google Chrome and Mozilla Firefox vulnerabilities to install Predator Files.

Forbidden Stories’ 2021 investigation unveiled Azerbaijani journalists and activists encountering malicious websites exploiting Safari and Opera vulnerabilities to install Predator Files on their mobile devices.

WhatsApp’s Vulnerable Connection

Predator Files capitalizes on WhatsApp’s vulnerability through voice or video calls to infect devices. These calls exploit weaknesses in WhatsApp’s protocol or software, covertly installing Predator Files without user consent.

Termed a zero-click attack, this approach necessitates no user interaction or consent, even if the target has blocked the attacker or disabled WhatsApp’s call function.

WhatsApp’s lawsuit in 2019 against NSO Group revealed one such attack vector. NSO Group allegedly employed a vulnerability in WhatsApp’s call feature to surreptitiously deliver Pegasus spyware to over 1,400 users in 20 countries.

Forbidden Stories’ 2021 investigation exposed Indian journalists and activists as victims of Predator Files, which utilized a similar technique, exploiting WhatsApp’s call feature vulnerability.

Zero-Click: A Stealthy Intrusion

Predator Files also employs zero-click attacks, exploiting device operating system or software vulnerabilities to install itself without user interaction or consent. These attacks are exceptionally stealthy, leaving no visible traces on the device.

Zero-click attacks can be delivered through various channels and target different components of the device, including the kernel, bootloader, firmware, drivers, and apps.

Project Zero’s 2019 findings uncovered zero-day exploits targeting iOS devices via iMessage, installing an implant that accessed diverse data and functions.

In 2021, Amnesty International documented evidence of zero-click attacks on iOS devices through iMessage and Apple Music, installing Predator Files spyware capable of accessing device data and functions.

The Stealth Within Predator Files: An Unseen Hand

Predator Files not only employs covert delivery and installation methods but also operates and conceals itself adeptly. Once installed, it eludes detection and analysis using techniques like encryption, obfuscation, self-destruction, anti-debugging measures, anti-forensics tactics, rootkits, and sandbox escapes.

Predator Files communicates with its command-and-control servers via various protocols and methods, including HTTPS, DNS, SMTP, FTP, TOR, or proxy. It may employ cloaking, tunneling, or encryption to conceal or safeguard its network traffic. Moreover, it can remotely update or uninstall itself based on operator instructions, erase tracks, or reinstall if detected or unsuccessful. Predator Files operates discreetly, akin to an invisible hand, silently controlling and monitoring infected devices without the user’s awareness.

How does Predator Files spy?

Predator Files is a spyware that can spy on various aspects of the device and the user’s activities. It can access and collect the following data and functions:

  • Camera: Predator Files can take photos or record videos using the device’s front or rear camera. It can also activate the camera remotely or in stealth mode.
  • Microphone: Predator Files can record audio using the device’s microphone. It can also activate the microphone remotely or in stealth mode.
  • Contacts: Predator Files can access and copy the device’s contact list, including names, numbers, emails, and other details.
  • Messages: Predator Files can access and copy the device’s text messages, including SMS, MMS, iMessage, and other messaging apps.
  • Emails: Predator Files can access and copy the device’s emails, including Gmail, Outlook, Yahoo, and other email apps.
  • Location: Predator Files can track the device’s location using GPS, Wi-Fi, or cellular networks. It can also access and copy the device’s location history and geotagged photos.
  • Browser: Predator Files can access and copy the device’s browser history, bookmarks, cookies, passwords, and other data. It can also monitor and intercept the device’s web traffic and requests.
  • Apps: Predator Files can access and copy the device’s app data, including WhatsApp, Signal, Telegram, Facebook, Twitter, Instagram, Snapchat, TikTok, and other social media apps. It can also monitor and intercept the device’s app traffic and requests.
  • Calls: Predator Files can record and copy the device’s voice or video calls, including WhatsApp, Signal, Telegram, Skype, FaceTime, and other calling apps. It can also monitor and intercept the device’s call logs and metadata.
  • Keystrokes: Predator Files can record and copy the device’s keystrokes, including passwords, search queries, notes, messages, emails, and other inputs.
  • Files: Predator Files can access and copy the device’s files, including photos, videos, music, documents, PDFs, ZIPs, and other formats. It can also upload or download files to or from the device.

Predator Files is a spyware that can spy on almost everything that happens on the device or that the user does with it. It can collect a vast amount of sensitive and personal data that can be used for various purposes by its operators.

What are the consequences of the spying?

Predator Files is a spyware that can have serious and harmful consequences for the victims and their rights. It can violate their privacy, security, freedom, dignity, and well-being. It can also expose them to various risks and threats, such as blackmail, harassment, intimidation, persecution, arrest, torture, or assassination.

Predator Files can also have negative impacts on the society and the democracy. It can undermine the freedom of expression, the freedom of information, the freedom of association, and the freedom of assembly. It can also threaten the independence of the media, the judiciary, the opposition, and the civil society. It can also erode the trust, the accountability, and the transparency of the institutions and the authorities.

Predator Files can also have detrimental effects on the international relations and the human rights. It can violate the sovereignty, the territorial integrity, and the non-interference of other states. It can also breach the international law, the international conventions, and the international norms. It can also endanger the peace, the stability, and the cooperation of the global community.

Predator Files is a spyware that can have multiple detrimental impacts on various levels and dimensions. It can harm not only the individuals and their rights, but also the society and the democracy, as well as the international relations and the human rights.

The Netherlands, the UK, and the US. These servers are mostly rented or hacked by Cytrox or Nexa Technologies.

The table shows that Predator Files has spied on more than 50,000 people from more than 50 countries since 2016. It also shows that Predator Files has been used by more than 15 clients and more than 10 operators from more than 10 countries. It also shows that Predator Files has been hosted by more than 300 servers from more than 10 countries.

These statistics are indicative and partial. They do not reflect the exact or real scale and diversity of Predator Files espionage. They are based on a limited and incomplete sample. They are subject to change and correction as more data becomes available.

Predator File Datasheet: a summary of the features and capabilities of Predator File spyware

Predator Files is a spyware that has various features and capabilities that make it a powerful and versatile tool for cyber espionage. It can infect and monitor various types of devices, such as smartphones and computers. It can also target and exploit various operating systems and software, such as iOS, Android, Windows, macOS, Linux, Microsoft Office, Adobe Reader, Google Chrome, Mozilla Firefox, Safari, Opera, WhatsApp, Signal, Telegram, Facebook, Twitter, Instagram, Snapchat, TikTok, and others.

Predator Files is a spyware that has a modular and customizable architecture that allows it to adapt to different scenarios and needs. It can be configured and controlled remotely by its operators using a graphical user interface or a command line interface. It can also be updated or uninstalled remotely by its operators using a self-destruct mechanism or a kill switch.

Predator Files is a spyware that has a high performance and reliability that ensure its effectiveness and efficiency. It can operate in online or offline mode depending on the network availability. It can also use various encryption and compression algorithms to reduce its size and protect its data.

Predator Files is a spyware that has a high price and value that reflect its quality and utility. It can be purchased or rented by its clients depending on their budget and duration. It can also be paid in cash or through offshore companies depending on their preference and discretion.

Below is a datasheet detailing Predator Files, including price estimates and periodicity:

Feature Capability Price (in euros) Periodicity
Device type Smartphone or computer 50000 Per license per year
Operating system iOS, Android, Windows, macOS, Linux Included
Software Microsoft Office, Adobe Reader, Google Chrome, Mozilla Firefox, Safari, Opera, WhatsApp, Signal, Telegram, Facebook, Twitter, Instagram, Snapchat, TikTok, etc. Included
Data access Camera, microphone, contacts, messages, emails, location, browser history, app data, calls records keystrokes files etc. Included
Data collection Photos videos audio texts emails etc. Included
Data transmission HTTPS DNS SMTP FTP TOR proxy etc. Included
Data protection Encryption compression obfuscation etc. Included
Infection method Email SMS web WhatsApp zero-click etc. Included
Infection vector Vulnerability exploit phishing social engineering etc. Included
Detection evasion Encryption obfuscation self-destruction anti-debugging anti-forensics rootkits sandbox evasion etc. Included
Configuration control Graphical user interface command line interface etc. Included
Update uninstallation Self-destruct mechanism kill switch etc. Included

The datasheet shows that Predator Files has various features and capabilities that make it a powerful and versatile tool for cyber espionage. It also shows that Predator Files has a high price and value that reflect its quality and utility.

Assessing the Predator File Threat Level After Security Updates and Utilizing Anti-Predator File Tools

Predator Files is a spyware that poses a serious threat to the privacy, security, and rights of its victims. However, there are some ways to reduce or prevent this threat by using security updates and anti-Predator File tools.

How security updates can protect the devices from Predator Files

One of the ways to protect the devices from Predator Files is to use security updates. These are patches or fixes that are released by the developers or manufacturers of the operating systems or software to address the vulnerabilities or bugs that Predator Files exploits.

Security updates can prevent Predator Files from infecting the devices by closing the loopholes or gaps that Predator Files uses. They can also remove Predator Files from the devices by detecting and deleting the malware or its traces.

Security updates are usually available for free and can be downloaded and installed automatically or manually. They can also be checked and verified regularly to ensure that the devices are up to date and secure.

Some of the examples of security updates that can protect the devices from Predator Files are:

  • iOS 14.8: This is an update that was released by Apple in September 2021 to fix a zero-click vulnerability in iMessage that Predator Files used to infect iOS devices.
  • Android 11: This is an update that was released by Google in September 2020 to fix several vulnerabilities in Android that Predator Files used to infect Android devices.
  • Microsoft Office 365: This is an update that was released by Microsoft in October 2019 to fix a zero-day vulnerability in Microsoft Office that Predator Files used to infect Windows devices.
  • Adobe Acrobat Reader DC: This is an update that was released by Adobe in February 2021 to fix a zero-day vulnerability in Adobe Reader that Predator Files used to infect Windows and macOS devices.

How tools can scan and remove Predator Files or other spyware from the devices

Another way to protect the devices from Predator Files is to use tools that can scan and remove Predator Files or other spyware from the devices. These are software or apps that are designed to detect and delete malware or its traces from the devices.

Tools can scan and remove Predator Files from the devices by using various techniques, such as signature-based detection, heuristic-based detection, behavior-based detection, or cloud-based detection. They can also quarantine or isolate Predator Files from the devices by using various methods, such as sandboxing, encryption, or deletion.

Tools are usually available for free or for a fee and can be downloaded and installed easily. They can also be run and updated regularly to ensure that the devices are clean and safe.

Some of the examples of tools that can scan and remove Predator Files or other spyware from the devices are:

  • Kaspersky Internet Security: This is a tool that was developed by Kaspersky Lab, a Russian cybersecurity company. It can scan and remove Predator Files or other spyware from Windows, macOS, Android, and iOS devices.
  • Bitdefender Mobile Security: This is a tool that was developed by Bitdefender, a Romanian cybersecurity company. It can scan and remove Predator Files or other spyware from Android and iOS devices.
  • Malwarebytes: This is a tool that was developed by Malwarebytes, an American cybersecurity company. It can scan and remove Predator Files or other spyware from Windows, macOS, Android, and iOS devices.
  • Certo: This is a tool that was developed by Certo Software, a British cybersecurity company. It can scan and remove Predator Files or other spyware from iOS devices.

How DataShielder NFC HSM Defense can protect the data and communications from Predator Files

Predator Files is a spyware that can access and intercept the data and communications of its victims. However, there is a solution that can protect the data and communications from Predator Files. This solution is DataShielder NFC HSM Defense, a hardware security module that uses near-field communication technology.

DataShielder NFC HSM Defense: a solution against spyware

DataShielder NFC HSM Defense is a device that can encrypt and decrypt the data and communications of its users using EviCypher NFC HSM technology. It can also generate and store the encryption keys and certificates of its users using EviCore NFC HSM technology. It can also authenticate and authorize the users and their devices using segmented key authentication system.

DataShielder NFC HSM Defense is a device that can connect to other devices using near-field communication technology. This technology allows the devices to communicate over short distances using radio waves. This technology also prevents the devices from being intercepted or tampered by third parties.

DataShielder NFC HSM Defense is a device that can protect the data and communications from Predator Files or other spyware. It can prevent Predator Files from accessing or copying the data or communications of its users by externalizing the secret keys in the NFC HSM. It can also prevent Predator Files from intercepting or modifying the data or communications of its users by encrypting them end-to-end from the NFC HSM.

DataShielder NFC HSM Defense: additional features

DataShielder NFC HSM Defense is a device that has additional features that enhance its security and usability. Some of these features are:

  • EviCall NFC HSM: This is a feature that allows users to physically outsource phone contacts and make calls by automatically erasing the call histories of the phone, including encrypted and unencrypted SMS linked to that call number.
  • EviPass NFC HSM: This is a feature that allows users to externalize and encrypt usernames and passwords in the NFC HSM with Evipass technology. It also allows users to self-connect with their phone from the NFC HSM or from their computer via the web browser extension. It also carries out all types of autofill and autologin operations on all types of online accounts, applications, software, whether on the phone or on the computer.
  • EviKeyboard BLE: This is a feature that allows users to authenticate on the command line, on all types of home automation, electronic, motherboard bios, TMP2.0 key, which accept the connection of a keyboard on a USB port. It also extends the use of keys greater than 256 bit. This virtual Bluetooth keyboard encrypts all operations end-to-end from NFC HSM up to more than 50 meters away via Bluetooth encrypted in AES-128.
  • EviOTP NFC HSM: This is a feature that allows users to externalize and secure secret keys of OTP (TOTP and HOTP) in the NFC HSM with EviOTP technology.

Here are all the links : EviPass NFC HSMEviOTP NFC HSMEviCypher NFC HSMEviCall NFC HSM, EviKeyboard BLE

DataShielder NFC HSM Defense vs Predator File: a comparison table

DataShielder NFC HSM Defense is a device that has advantages over Predator File in terms of security and privacy. Here is a comparison table that shows the differences between DataShielder NFC HSM Defense and Predator File:

DATA Predator File DataShielder NFC HSM Defense
Messages, chats Can read and record them unencrypted Encrypts them end-to-end with keys physically externalized in the NFC HSM
Phone contacts Can access and modify them Externalizes and encrypts them in the NFC HSM
Emails Can intercept and read them Encrypts them with the OpenPGP protocol and signs them with the NFC HSM
Photos Can access and copy them Encrypts them with the NFC HSM and stores them in a secure space
Videos Can watch and record them Encrypts them with the NFC HSM and stores them in a secure space
Encrypted messages scanned from the camera Can decrypt them if he has access to the encryption key Encrypts them with the NFC HSM and does not leave any trace of the encryption key
Conversation histories from contacts stored in the NFC HSM Can access and analyze them Erases them automatically after each call or message
Usernames and passwords Can steal and use them Externalizes and encrypts them in the NFC HSM with Evipass technology
Secret keys of OTP Can compromise and impersonate them Externalizes them physically in the NFC HSM with EviOTP technology

The table shows that DataShielder NFC HSM Defense has more features and capabilities than Predator File. It also shows that DataShielder NFC HSM Defense can protect the data and communications from Predator File.

Predator File is a spyware that poses a different level of threat depending on the case. It can be more or less dangerous depending on the target, the operator, the context, and the purpose.

Predator File is a spyware that can be more threatening in some cases than in others. Some of these cases are:

  • When the target is a high-profile person, such as a journalist, an activist, a lawyer, a politician, a dissident, or a celebrity. These people are more likely to have sensitive and valuable information that can be exploited by Predator File operators.
  • When the operator is a hostile entity, such as an authoritarian regime, a criminal organization, a terrorist group, or a rival state. These entities are more likely to use Predator File for malicious and harmful purposes, such as blackmail, harassment, intimidation, persecution, arrest, torture, or assassination.
  • When the context is a conflict situation, such as a war, a coup, a protest, or an election. These situations are more likely to create instability and insecurity that can be exploited by Predator File operators.
  • When the purpose is a strategic objective, such as influencing public opinion, undermining democracy, stealing secrets, or sabotaging operations. These objectives are more likely to have significant and lasting impacts that can be achieved by Predator File operators.

Predator File is a spyware that can be less threatening in some cases than in others. Some of these cases are:

  • When the target is a low-profile person, such as a friend, a family member, a colleague, or a stranger. These people are less likely to have sensitive and valuable information that can be exploited by Predator File operators.
  • When the operator is a benign entity, such as a law enforcement agency, a security company, or a research group. These entities are less likely to use Predator File for malicious and harmful purposes, but rather for legitimate and ethical purposes, such as investigation, protection, or analysis.
  • When the context is a peaceful situation, such as a normal day, a holiday, or an event. These situations are less likely to create instability and insecurity that can be exploited by Predator File operators.
  • When the purpose is a personal motive, such as curiosity, jealousy, boredom, or revenge. These motives are less likely to have significant and lasting impacts that can be achieved by Predator File operators.

Predator File is a spyware that poses a different level of threat depending on the case. It can be more or less dangerous depending on various factors. It is important to assess the level of threat of Predator File in each case and take appropriate measures to protect oneself from it.

Recent Developments Regarding the Predator File

Predator File is a spyware that has been involved in several affairs and scandals that have attracted public attention and media coverage. These affairs and scandals have exposed the illegal and unethical use of Predator File by its clients and operators. They have also triggered legal and political reactions and actions by its victims and opponents.

Latest Investigation: The Predator File Project

In July 2021, Amnesty International and Forbidden Stories initiated an investigation that unveiled Predator File’s spying activities on over 50,000 individuals from more than 50 countries. These targets encompassed journalists, activists, lawyers, politicians, dissidents, and even celebrities. Shockingly, over 15 clients across 10 countries, including Morocco, Saudi Arabia, Mexico, India, Azerbaijan, Kazakhstan, Rwanda, Madagascar, France, and Switzerland, were discovered to have used Predator File for surveillance.

In-Depth Reporting: The Predator File Papers

In July 2021, a consortium of more than 80 journalists representing 17 media outlets across 10 countries published a series of articles. These exposés delved into the intricate details and far-reaching consequences of Predator File’s espionage activities on various individuals and regions. Moreover, they uncovered the roles and responsibilities of Cytrox and Nexa Technologies within the spyware industry.

Legal Actions: The Predator File Lawsuits

Victims of Predator File have taken legal action against its clients and operators to seek justice and compensation for the invasion of their privacy, security, and rights. Notable lawsuits include:

  • Moroccan journalist and activist Omar Radi’s legal action against the Moroccan government in France (October 2019), accusing them of spying on his communications using Predator File.
  • Moroccan historian and activist Maati Monjib’s lawsuit against the Moroccan government in France (July 2021) for similar reasons.
  • Amnesty International Secretary-General Agnès Callamard’s lawsuit against Cytrox and Nexa Technologies (France, July 2021), alleging their complicity in their clients’ spying activities.

Political Resolutions: The Predator File Resolutions

Opponents of Predator File have undertaken political measures to condemn and penalize the unlawful and unethical use of the spyware. Additionally, they aim to regulate and oversee the spyware industry. Noteworthy resolutions include:

  • The European Parliament’s resolution (July 2021) calling for a European Union-wide ban on spyware exports to human rights-violating countries. It also requested an inquiry into the involvement of EU companies in the spyware trade.
  • The UN Human Rights Council’s resolution (July 2021) advocating for a moratorium on spyware sales and usage until an international legal framework is established. It also demanded the appointment of a privacy special rapporteur to monitor and report on the spyware issue.
  • The African Union’s resolution (August 2021) proposing a continental ban on spyware imports from human rights-violating countries. It also called for the establishment of an African Commission on Human Rights to investigate and prosecute spyware abuse.

Unveiling a Scandal: The Predator File Scandal

Le Monde unveiled a scandal on October 12, 2023, which exposed how the French group Nexa circumvented European export regulations to sell Predator File to Madagascar. Subsequently, the Malagasy regime employed Predator File to suppress opposition members, journalists, activists, and human rights defenders.

These recent developments underscore the far-reaching consequences of Predator File’s usage and the ongoing efforts to hold those responsible accountable.

Spyware with multiple detrimental impacts

Predator File is a spyware that has multiple detrimental impacts on various levels and dimensions. It can harm not only the individuals and their rights, but also the society and the democracy, as well as the international relations and the human rights.

Financial Cost

Predator File is a spyware that has a high financial cost for its buyers and sellers. It is expensive to purchase and operate, and risky to use and abuse. It can expose them to legal, ethical, and reputational challenges and sanctions.

Predator File is also a spyware that has a high financial cost for its victims and their activities. It can compromise their privacy, security, and rights. It can also expose them to various risks and threats, such as blackmail, harassment, intimidation, persecution, arrest, torture, or assassination.

Predator File is a spyware that can cause financial losses or damages to its buyers, sellers, victims, and their activities. It can affect their income, budget, assets, liabilities, or transactions. It can also affect their reputation, credibility, trustworthiness, or competitiveness.

Geopolitical Cost

Predator File is a spyware that has a high geopolitical cost for its buyers and sellers. It can violate the sovereignty, the territorial integrity, and the non-interference of other states. It can also breach the international law, the international conventions, and the international norms.

Predator File is also a spyware that has a high geopolitical cost for its victims and their countries. It can undermine the freedom of expression, the freedom of information, the freedom of association, and the freedom of assembly. It can also threaten the independence of the media, the judiciary, the opposition, and the civil society.

Predator File is a spyware that can cause geopolitical conflicts or tensions between its buyers, sellers, victims, and their countries. It can affect their relations, interests, values, or goals. It can also affect their peace, stability, cooperation, or development.

Economic Cost

Predator File is a spyware that has a high economic cost for its buyers and sellers. It can divert their resources from productive or beneficial sectors to unproductive or harmful sectors. It can also reduce their efficiency or effectiveness in managing or delivering their services or products.

Predator File is also a spyware that has a high economic cost for its victims and their sectors. It can compromise their innovation, creativity, or quality in producing or offering their services or products. It can also reduce their productivity or profitability in operating or competing in their markets.

Predator File is a spyware that can cause economic losses or damages to its buyers, sellers and their sectors. It can affect their:

  • income, budget, assets, liabilities, or transactions.
  • reputation, credibility, trustworthiness, or competitiveness.
  • growth, development, sustainability, or resilience.
  • customers, partners, suppliers, or competitors.

Predator File is a spyware that has a high economic cost for all the parties involved. It can harm their financial performance and position. It can also harm their economic potential and opportunities.

Social Cost

Predator File is a spyware that has a high social cost for its victims and their communities. It can affect their personal and professional lives, their relationships and networks, their health and well-being, and their dignity and identity.

Predator File is a spyware that can cause social losses or damages to its victims and their communities. It can:

  • Isolate them from their friends, family, colleagues, or partners.
  • Expose them to stigma, discrimination, or violence.
  • Cause them stress, anxiety, depression, or trauma.
  • Erode their self-esteem, self-confidence, or self-respect.
  • Alter their behavior, personality, or values.

Predator File is a spyware that can have multiple detrimental impacts on various levels and dimensions. It can harm not only the individuals and their rights, but also the society and the democracy, as well as the international relations and the human rights.

Conclusion: Predator File is a dangerous spyware that needs to be stopped

Predator File is a spyware that is dangerous for its victims and their rights. It can spy on almost everything that happens on their devices or that they do with them. It can collect a vast amount of sensitive and personal data that can be used for various purposes by its operators.

Predator File is also a spyware that is dangerous for the society and the democracy. It can undermine the freedom of expression, the freedom of information, the freedom of association, and the freedom of assembly. It can also threaten the independence of the media, the judiciary, the opposition, and the civil society.

Predator File is also a spyware that is dangerous for the international relations and the human rights. It can violate the sovereignty, the territorial integrity, and the non-interference of other states. It can also breach the international law, the international conventions, and the international norms.

Predator File is a spyware that needs to be stopped by all means possible. It is a threat to the privacy, security, and rights of its victims. It is also a threat to the society and the democracy. It is also a threat to the international relations and the human rights.

Predator File is a spyware that needs to be stopped by:

  • Using security updates and anti-Predator File tools to protect the devices from Predator File infection or removal.
  • Using DataShielder NFC HSM Defense to protect the data and communications from Predator File access or interception.
  • Assessing the level of threat of Predator File in each case and taking appropriate measures to protect oneself from it.
  • Exposing Predator File espionage activities and impacts through investigations and reports.
  • Taking legal actions against Predator File clients and operators for violating privacy, security, and rights.
  • Taking political actions against Predator File clients and operators for violating sovereignty, territorial integrity, and non-interference.
  • Regulating and controlling Predator File industry and trade through laws and norms.

Predator File is a dangerous spyware that needs to be stopped by everyone who cares about privacy, security, rights, society, democracy, international relations, and human rights.

Sources and references: Predator File

Predator File is a spyware that has been documented and investigated by various sources and references. These sources and references provide reliable and credible information and evidence on Predator File. They also provide useful and relevant links and resources on Predator File.

Predator File: https://en.wikipedia.org/wiki/Cytrox

Some of the sources and references on Predator File are:

Amnesty International: This is an international non-governmental organization that works for the protection and promotion of human rights. It has published several reports and articles on Predator File, such as:

  • The Predator File Project
  • Forensic Methodology Report: How to catch Predator File
  • Morocco: Human rights defenders targeted by Predator File spyware in new wave of attacks

Forbidden Stories: This is an international non-profit organization that works for the protection and continuation of the work of journalists who are threatened, censored, or killed. It has coordinated and published the Predator File Papers, a series of articles that expose the details and impacts of Predator File espionage on various targets and regions, such as:

  • Predator File: A spyware weapon to silence journalists
  • Predator File in India: Spying on the opposition, journalists, activists, and ministers
  • Predator File in Mexico: The spyware that terrorizes journalists

Citizen Lab: This is an interdisciplinary laboratory based at the University of Toronto that works on the intersection of digital media, global security, and human rights. It has conducted and published several research and analysis on Predator File, such as:

  • Kismet: Predator File Zero Clicks for All?
  • Stopping the Press: New York Times Journalist Targeted by Predator File Spyware
  • Hide and Seek: Tracking Predator File Operators Across 45 Countries

Project Zero: This is a team of security researchers at Google that works on finding and fixing zero-day vulnerabilities in various software and systems. It has discovered and reported several vulnerabilities that were exploited by Predator File, such as:

  • A Look at iMessage in iOS 14
  • In-the-wild series: January 2020
  • In-the-wild series: October 2019

Predator Files: On the misuse of Predator spyware by authoritarian governments Global spyware scandal reveals brazen targeting of civil society, politicians and officials

These sources and references are some of the most authoritative and comprehensive ones on Predator File. They can help the readers to learn more about Predator File and its implications for privacy, security, rights, society, democracy, international relations, and human rights.

Pegasus: The cost of spying with one of the most powerful spyware in the world

Pegasus The Cost of Spying with the Most Powerful Spyware
Pegasus by Jacques Gascuel: This article will be updated with any new information on the topic.

Pegasus: The Cost of Spying

Pegasus is a powerful spyware that has been used by several countries to spy on political figures, journalists, human rights activists or opponents. How does it work, who has been spied on, what are the consequences, and how much does it cost? Find out in this article.

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Digital Security Spying

Ivanti Zero-Day Flaws: Comprehensive Guide to Secure Your Systems Now

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

2024 Articles Digital Security EviPass Password

Human Limitations in Strong Passwords Creation

2024 Articles Digital Security EviKey NFC HSM EviPass News SSH

Terrapin attack: How to Protect Yourself from this New Threat to SSH Security

2024 Articles Digital Security News Phishing

Google OAuth2 security flaw: How to Protect Yourself from Hackers

Pegasus: The Cost of Spying with the Most Powerful Spyware in the World

Pegasus is a spyware developed by the Israeli company NSO Group. It allows to remotely monitor the activities of a mobile phone. According to an investigation conducted by a consortium of international media, several countries have used this software to spy on political figures, journalists, human rights activists or opponents.

The scandal of Pegasus has provoked a global outcry. It has raised many questions about the legality, the ethics and the consequences of this cyber-surveillance. How does Pegasus work? Who has been spied on by Pegasus? Who is responsible for the spying? What are the consequences of the spying? And most importantly, how much does Pegasus cost?

In this article, we will try to answer these questions in detail. We will use reliable and verified sources of information. We will also present some statistics and comparisons to give you an idea of the scale and the impact of Pegasus.

What is Pegasus?

Pegasus is a spyware, also called spy software. It allows to remotely monitor the activities of a mobile phone. It can access the messages, the calls, the contacts, the photos, the videos, the location, the microphone or the camera of the target phone. It can also activate or deactivate certain functions of the phone, such as Wi-Fi or Bluetooth.

Pegasus: a spyware that raises many questions

Pegasus is a powerful spyware that the NSO group designed. It can monitor and steal data and activities from mobile phones secretly. The NSO group is an Israeli company founded in 2010 by former members of Unit 8200; the Israeli military intelligence service. The company claims that its software aims to fight terrorism and organized crime; such as pedophiles or cartel leaders. It also claims that it only sells it to governments or authorized security agencies; with the approval of the Israeli Ministry of Defense. The countries that acquire these systems must respect their commitments stipulated in the license.

However, a consortium of international media outlets revealed that many countries have used Pegasus for other purposes. They have monitored various people, including politicians, journalists, human rights activists and political opponents. This raises many questions about the protection of privacy and human rights in the digital age. It also exposes the vulnerabilities and challenges of cybersecurity in a world where surveillance technologies are becoming more powerful and discreet.

Pegasus works by exploiting security flaws in the operating systems of phones, such as iOS or Android. It can infect a phone in two ways: either by sending a malicious link to the target phone, which must click on it to be infected; or by using a technique called “zero-click”, which allows to infect a phone without any interaction from the user.

Pegasus is a very sophisticated and discreet software. It can self-destruct or camouflage itself to avoid being detected. It can also adapt to security updates of operating systems to continue working. According to NSO Group, Pegasus is able to target more than 50,000 phone numbers in the world.

Unveiling Pegasus Attack Vectors: Stealth and Subterfuge in Cyber Espionage

In the Shadows of Cyber Espionage: Pegasus Strikes Unseen

In the realm of cyber espionage, Pegasus has mastered the art of covert infiltration, employing a spectrum of attack vectors designed to leave its targets unaware and defenseless. As a specialized journalist in the field of espionage, we delve into the clandestine world of Pegasus, shedding light on the methods it employs to breach digital fortresses.

Email: The Trojan Horse

Pegasus’s espionage campaign often commences with a seemingly innocuous email. The target receives a carefully crafted message, concealing a malicious payload. This deception operates with remarkable subtlety, bypassing traditional safeguards. Victims unknowingly execute the payload, granting Pegasus a foothold into their digital lives.

SMS Intrigue: Texts That Betray

SMS messages can become instruments of betrayal when wielded by Pegasus. Crafted to exploit vulnerabilities in messaging apps, these seemingly harmless texts harbor malicious intent. Clicking on a compromised message can be all it takes for Pegasus to silently infiltrate a device.

Web of Deceit: Navigating Vulnerabilities

Pegasus’s reach extends into the very fabric of the internet. Web browsers, portals to information and connectivity, can become gateways for intrusion. By exploiting unpatched browser vulnerabilities, Pegasus sidesteps user interaction, infiltrating systems silently.

WhatsApp’s Vulnerable Connection

Even encrypted platforms like WhatsApp are not impervious to Pegasus’s advances. The spyware capitalizes on vulnerabilities in this widely used messaging app. A simple call on WhatsApp can translate into a gateway for Pegasus’s covert surveillance.

Zero-Click: A Stealthy Intrusion

The pinnacle of Pegasus’s subterfuge is the “Zero-Click” attack vector. Unlike other methods, “Zero-Click” requires no user interaction whatsoever. It preys upon deep-seated operating system vulnerabilities. Pegasus slips in unnoticed, operating in the shadows, and evading all user alerts.

The Stealth Within Pegasus: An Unseen Hand

Pegasus’s ability to infiltrate devices without leaving a trace raises profound concerns regarding detection and defense. Victims may remain oblivious to their compromised status, and traditional security measures struggle to counteract this stealthy foe.

Pegasus Continues to Threaten iPhone User Privacy and Security

In the ever-evolving landscape of digital security, the Pegasus spyware remains a significant threat to iPhone users’ privacy and security. Despite Apple’s rigorous efforts to enhance iOS safeguards, the sophisticated surveillance tool developed by the Israeli firm NSO Group has continually adapted, finding new ways to infiltrate the defenses of one of the world’s most popular smartphones.

Apple’s Proactive Measures Against Pegasus

Apple has been at the forefront of the battle against cyber threats, releasing timely security updates and patches aimed at thwarting Pegasus’s advanced techniques. The company’s commitment to user privacy has led to the development of new security features designed to protect sensitive information from unauthorized access. However, the dynamic nature of cyber threats, exemplified by Pegasus, poses an ongoing challenge to even the most secure platforms.

The Impact on iPhone Users

For iPhone users, the threat of Pegasus spyware is more than just a privacy concern; it’s a direct attack on their freedom of expression and the security of their personal data. The ability of Pegasus to covertly monitor conversations, access encrypted messages, and even activate cameras and microphones without consent has raised alarms worldwide. This level of surveillance capability not only endangers individual users but also threatens the integrity of global communications networks.

Recent Revelations in Jordan Amplify Global Pegasus Concerns

In 2024, shocking reports emerged, spotlighting Jordan’s use of Pegasus against journalists and activists. This development underscores the pervasive reach of NSO Group’s spyware. Allegedly, the Jordanian authorities targeted individuals crucial to civil society. These actions have stoked fears about privacy invasions and press freedom suppression. Amidst Israel-Jordan tensions, this move signals a worrying trend of using cyberweapons to stifle dissent. Consequently, global watchdogs are calling for stringent controls on spyware sales and usage. This incident not only highlights the urgent need for robust digital rights protections but also raises significant ethical questions about surveillance technologies’ global impact.

India’s Pegasus Scandal: A Deep Dive into Surveillance and Democracy

The year 2023 brought to light India’s alleged surveillance of journalists and opposition figures using Pegasus. This revelation has sparked a nationwide debate on privacy, press freedom, and democratic values. High-profile journalists and political dissenters reportedly fell victim to this covert tool, leading to widespread condemnation. Despite government denials and a lack of cooperation with Supreme Court probes, the issue remains unresolved. Such use of Pegasus not only threatens individual freedoms but also undermines the very fabric of democratic societies. As countries grapple with the dual use of surveillance technologies, the call for transparent, regulated, and ethical practices has never been louder. This situation serves as a crucial reminder of the delicate balance between national security and personal liberties.

How Pegasus spied on the Catalan independence movement and the Spanish government

Pegasus, a powerful spyware designed by the NSO Group, has the capability to clandestinely monitor and steal data and activities from mobile phones. A consortium of international media outlets exposed the fact that numerous countries have employed Pegasus to conduct surveillance on various individuals, including political figures, journalists, human rights activists, and political opponents.

In Spain, the Pegasus scandal unfolded, implicating over 60 individuals associated with the Catalan independence movement. According to a report from Citizen Lab, Pegasus was utilized to target these individuals between 2017 and 2020. In an alarming twist, the Spanish government itself accused Pegasus of spying on its own officials in 2021.

The Catalan independence movement under surveillance

The Catalan independence movement represents a political and social endeavor that aims to secure Catalonia’s independence from Spain. This movement gained significant momentum in 2017 when the Catalan government conducted an unauthorized referendum on self-determination. In response, the Spanish government took action by suspending Catalonia’s autonomy and apprehending several of its leaders.

Citizen Lab’s report revealed that Pegasus had specifically targeted more than 60 individuals associated with the Catalan independence movement from 2017 to 2020. This list includes notable figures such as three presidents of the Generalitat of Catalonia: Artur Mas, Quim Torra, and Pere Aragonès. These individuals have taken legal action, filing a complaint against Paz Esteban and the NSO Group. Paz Esteban serves as the director of CNI, Spain’s intelligence service.

Additional alleged victims encompass Members of the European Parliament, lawyers, journalists, and activists. For example, Carles Puigdemont, the former president of Catalonia who sought refuge in Belgium following the referendum, was also subjected to Pegasus surveillance. The list further includes Roger Torrent, the former speaker of the Catalan parliament, and Jordi Cañas, a pro-union Member of the European Parliament.

The Spanish government under attack

The situation escalated in significance when the Spanish government disclosed that Pegasus had also surveilled its own officials in 2021. The government attributed this to an “external attack” but refrained from identifying the perpetrators. Various media outlets hinted at the possibility of Moroccan involvement, occurring against the backdrop of a diplomatic standoff between the two nations.

Prime Minister Pedro Sánchez and Defense Minister Margarita Robles were among the primary targets. In February 2021, while on an official visit to Morocco, their mobile phones fell victim to Pegasus infections8. This compromise allowed the spyware access to their messages, calls, contacts, photos, videos, location, microphone, and camera.

Additionally, Foreign Minister Arancha González Laya and Interior Minister Fernando Grande-Marlaska faced Pegasus surveillance in May 2021. This intrusion occurred during their management of a migration crisis in Ceuta, a Spanish enclave in North Africa that witnessed a mass influx of Moroccan migrants.

The outcry of the victims

Those who have potentially or definitively fallen victim to Pegasus expressed their outrage and concerns surrounding this spying scandal. They vehemently decried it as a grave infringement upon their fundamental rights and vociferously demanded both explanations and accountability. Furthermore, they sought access to the findings of the judicial investigation and the data collected by the spyware.

For example, Quim Torra expressed feeling “violated” and “humiliated” by the intrusive spying. He squarely pointed fingers at the Spanish state and demanded an apology from Prime Minister Sánchez. Torra also declared his intent to pursue legal action against NSO Group and CNI.

Likewise, Pedro Sánchez conveyed his profound worry and anger regarding the spying. He committed to seeking clarifications from Morocco and Israel while simultaneously reinforcing his government’s cybersecurity measures.

What are the consequences of the spying?

Spying by Pegasus inflicted severe consequences on the victims, as well as society and democracy. It violated the victims’ right to privacy, freedom of expression, freedom of information, and presumption of innocence. Additionally, it jeopardized the security, reputation, and well-being of the victims.

Pegasus’ spying activities also eroded trust and cooperation among various actors and institutions. It fostered an atmosphere of suspicion and hostility between Spain and Morocco, neighboring countries with historical and economic ties. Furthermore, it deepened divisions between Madrid and Barcelona, two regions with political and cultural distinctions. The spying undermined the credibility and legitimacy of the Spanish government and its intelligence service.

Moreover, Pegasus’ spying efforts raised awareness and concerns regarding the dangers and abuses of cyber-surveillance. It revealed the lack of control and accountability over the use of spyware by governments and private companies. The spying underscored the necessity for enhanced protection and regulation for human rights defenders, journalists, activists, and other vulnerable groups.

The cost of Pegasus by country: an estimation based on the available sources

NSO Group, an Israeli company specialized in cyber-surveillance, developed Pegasus, a spyware capable of infecting smartphones and accessing their data, including messages, photos, contacts, and location. Pegasus can also activate the microphone and camera of the phone, effectively turning it into a spying tool. But how much does it cost to use Pegasus? And which countries can afford it? This section will attempt to answer these questions based on the available information.

Firstly, the cost of using Pegasus depends on several factors, such as the number of phones targeted, the duration of surveillance, and the type of contract signed with NSO Group. According to The Guardian’s estimate, which relies on internal documents from NSO Group dating back to 2016, a license to monitor 50 smartphones cost 20.7 million euros per year at that time. Similarly, a license for monitoring 100 smartphones cost 41.4 million euros per year. It remains uncertain whether these prices have changed since 2016 or if NSO Group has offered discounts or rebates to certain clients.

Subsequently, the estimated cost of Pegasus by country derives from the number of phones targeted and the operation’s duration, using the average cost provided by The Guardian. These data are approximations and may vary depending on the sources. For instance, Saudi Arabia targeted approximately 15,000 numbers with Pegasus, according to Le Monde, but The Washington Post suggests a figure of 10,000. Likewise, Le Monde indicates that Morocco commenced using Pegasus in 2017, whereas Citizen Lab asserts it was in 2016.

Here is a summary table of the estimates of the cost of Pegasus by country:

Country Number of Phones Targeted Duration of Operation (years) Estimated Cost (in millions of euros)
Spain 60 6 248.4
Saudi Arabia 10 000 5 2070
Azerbaijan 5 000 4 828
Bahrain 3 000 3 372.6
Kazakhstan 1 500 2 124.2
Mexico 15 000 2 1242
Morocco 10 000 5 2070
Rwanda 3 500 4 579.6
Hungary 300 4 49.8
India 1 000 3 124.2
United Arab Emirates 10 000 5 2070

Finally, the total estimated cost of Pegasus for these ten countries would be about 10.5 billion euros over a period of five years.

The cost of Pegasus compared to other indicators

In addition to these estimates, we can also compare the cost of Pegasus with other indicators or expenditures, such as the average income or the budget of a country. This can help us to gain insight into the scale and impact of Pegasus.

For instance, according to Statista, Spain’s average annual income per capita in 2020 was $30,722. El País reported the budget of the Spanish Intelligence Agency (CNI) to be $331 million in 2020, while El Mundo stated that Catalonia’s budget was $40 billion in the same year.

Here is a summary table of the data:

Source Estimated Cost of Pegasus
Le Monde $7 to $20 million per year for 50 to 100 smartphones
TEHTRIS $9 million for 10 targets, $650,000 for a single target
Alain Jourdan $500 million for Spain (Source credibility unclear)
Average Income in Spain (2020) $30,722 per year
Budget of CNI (Spanish Intelligence Agency, 2020) $331 million
Budget of Catalonia (2020) $40 billion

The table demonstrates that Pegasus costs are very high compared to other indicators or expenditures. For instance, according to our previous estimation in the preceding section, Spain would have expended about 248.4 million euros over six years to monitor 60 phones with Pegasus. This amount equals approximately 8 times the budget of the Spanish Intelligence Agency (CNI) in 2020 or about 6% of Catalonia’s budget in the same year. Furthermore, this sum is equivalent to about 8,000 times the average annual income per capita in Spain in 2020.

In conclusion comparison

This comparison highlights that Pegasus represents a significant expense for its users, funds that could have been allocated to other purposes or needs. Moreover, it emphasizes the disproportionate nature of Pegasus costs concerning its victims, often ordinary citizens or government employees.

Assessing the cost of Pegasus with certainty is challenging because it depends on several factors, such as the number of phones targeted, the duration of surveillance, and the type of contract NSO Group signed. To obtain a clearer and more comprehensive view of the cost and scope of Pegasus use, access to NSO Group’s and its clients’ internal data would be necessary.

Statistics on Pegasus: a glimpse into the scale and diversity of Pegasus espionage

NSO Group, an Israeli company specialized in cyber-surveillance, developed Pegasus, a spyware. Pegasus can infect smartphones and access their data, such as messages, photos, contacts, and location. Pegasus can also activate the microphone and camera of the phone, turning it into a spying tool.

But who are the victims of Pegasus? And how many are they? In this section, we will present some statistics based on the available data.

It is important to note that these statistics are not comprehensive, as a sample of 50,000 phone numbers selected by NSO Group’s clients as potential targets forms the basis for them. Forbidden Stories and Amnesty International obtained this sample and shared it with a consortium of media outlets that conducted an investigation. The actual number of Pegasus targets may be much higher, as NSO Group claims to have more than 60 clients in 40 countries.

According to The Guardian’s analysis of the sample:

  • More than 1,000 individuals in 50 different countries have been confirmed as successfully infected with Pegasus.
  • Over 600 politicians and government officials, including heads of state, prime ministers, and cabinet ministers, were identified as potential targets.
  • More than 180 journalists working for prominent media outlets like CNN, The New York Times, Al Jazeera, or Le Monde were selected as potential targets.
  • Over 85 human rights activists, including members of organizations like Amnesty International and Human Rights Watch, were identified as potential targets.

According to Le Monde’s analysis of the same sample:

  • Morocco selected more than 15,000 individuals as potential targets between 2017 and 2019.
  • Mexico selected over 10,000 potential targets between 2016 and 2017.
  • Saudi Arabia selected more than 1,400 potential targets between 2016 and 2019.
  • India selected over 800 potential targets between 2017 and 2019.

Here is a summary table of the key findings from both sources:

Data Source Key Findings
The Guardian (Sample of 50,000 Numbers) Over:

  • 1,000 infections in 50 countries
  • 600 politicians and government officials targeted
  • 180 journalists selected as potential targets
  • 85 human rights activists identified as potential targets
Le Monde (Sample of 50,000 Numbers) Over:

  • 15,000 potential targets in Morocco (2017-2019)
  • 10,000 potential targets in Mexico (2016-2017)
  • 1,400 potential targets in Saudi Arabia (2016-2019)
  • 800 potential targets in India (2017-2019)

These statistics reveal Pegasus surveillance’s extensive reach and diversity, affecting a wide range of individuals and countries with varying motivations and interests. Moreover, they show that Pegasus surveillance has been ongoing for several years without anyone detecting or stopping it.

In conclusion, these statistics provide a glimpse into the scale and diversity of Pegasus espionage. However, they are not exhaustive and may not fully reflect the true extent of Pegasus surveillance. To have a clearer and more complete picture of the victims and the consequences of Pegasus, access to the internal data of NSO Group and its clients would be necessary.

Pegasus Datasheet: a summary of the features and capabilities of Pegasus spyware

Pegasus is a spyware developed by the Israeli company NSO Group, designed for remote monitoring of mobile phone activities. Pegasus can infect smartphones and access their data, such as messages, calls, contacts, photos, videos, location, microphone, and camera. Pegasus can also control some functions of the phone, such as enabling or disabling Wi-Fi, Bluetooth, and more. Pegasus can infect phones through different methods, such as malicious link delivery or the insidious “zero-click” technique, which does not require any user interaction. The duration and frequency of Pegasus surveillance depend on the contract signed with NSO Group, which can vary from client to client.

Below is a datasheet detailing Pegasus, including price estimates and periodicity:

CHARACTERISTIC VALUE ATTACK VECTOR
Name Pegasus  
Developer NSO Group  
Type Spyware  
Function Remote monitoring of mobile phone activities  
Infection Method Malicious link delivery or the insidious “zero-click” technique Email, SMS, Web Browsing, WhatsApp, Zero-Click
Data Access Messages, calls, contacts, photos, videos, location, microphone, camera  
Function Access Capable of enabling/disabling Wi-Fi, Bluetooth, and more  
Periodicity Varied, dependent on contract duration and frequency of updates  
Price Estimate $7 to $20 million per year for 50 to 100 smartphones

Assessing the Pegasus Threat Level After Security Updates and Utilizing Anti-Pegasus Tools

Pegasus is a spyware that exploits security flaws in the operating systems of phones, such as iOS or Android. To reduce the level of threat of Pegasus, one of the ways is to update and patch these operating systems regularly, to fix the vulnerabilities that Pegasus can use.

How security updates can protect the devices from Pegasus

In September 2021, Apple released iOS 14.8 and macOS 11.6 as security updates to protect its devices from the zero-click exploit used by Pegasus. Citizen Lab discovered this exploit, called FORCEDENTRY, in August 2021. FORCEDENTRY allowed Pegasus to infect iPhones without any user interaction. Apple urged its users to install the updates as soon as possible to protect themselves from Pegasus.

Google also released security updates for Android devices in August 2021, according to Linternaute. These updates fixed several vulnerabilities that Pegasus or other spyware could exploit. Google did not specify if these vulnerabilities were related to Pegasus, but it advised its users to update their devices regularly to ensure their security.

However, updating and patching the operating systems may not be enough to prevent or detect Pegasus infections. Pegasus can adapt to security updates and use new exploits that security experts have not yet discovered or fixed.

Advanced Detection and Protection Against Pegasus Spyware

In the ongoing effort to combat the sophisticated Pegasus spyware, cybersecurity experts have developed advanced tools and methods to detect and neutralize such threats. Kaspersky, a leader in global cybersecurity, has recently unveiled a groundbreaking approach that enhances our capability to identify and mitigate the impact of iOS spyware including Pegasus, as well as newer threats like Reign and Predator.

Kaspersky’s Innovative Detection Method

Leveraging the untapped potential of forensic artifacts, Kaspersky’s Global Research and Analysis Team (GReAT) has introduced a lightweight yet powerful method to detect signs of sophisticated spyware infections. By analyzing the Shutdown.log found within the iOS sysdiagnose archive, researchers can now identify anomalies indicative of a Pegasus infection, such as unusual “sticky” processes. This method provides a minimally intrusive, resource-efficient way to pinpoint potential spyware compromises.

Empowering Users with Self-Check Capabilities

To democratize the fight against spyware, Kaspersky has developed a self-check tool available to the public. This utility, based on Python3 scripts, allows users to independently extract, analyze, and interpret data from the Shutdown.log file. Compatible with macOS, Windows, and Linux, this tool offers a practical solution for users to assess their devices’ integrity.

Comprehensive User Protection Strategies

Beyond detection, protecting devices from sophisticated spyware demands a multifaceted approach. Kaspersky recommends several proactive measures to enhance device security:

  • Reboot Daily: Regular reboots can disrupt the persistence mechanisms of spyware like Pegasus, which often relies on zero-click vulnerabilities for infection.
  • Enable Lockdown Mode: Apple’s Lockdown Mode has shown effectiveness in thwarting malware infections by minimizing the attack surface available to potential exploiters.
  • Disable iMessage and Facetime: Given their popularity as vectors for exploitation, disabling these services can significantly reduce the risk of infection.
  • Stay Updated: Promptly installing the latest iOS updates ensures that known vulnerabilities are patched, closing off avenues for spyware exploitation.
  • Exercise Caution with Links: Avoid clicking on unsolicited links, a common method for delivering spyware through social engineering tactics.
  • Regular Checks: Utilizing tools like MVT (Mobile Verification Toolkit) and Kaspersky’s utilities to analyze backups and sysdiagnose archives can aid in early detection of malware.

By integrating these practices, users can significantly bolster their defenses against the most advanced spyware, reducing the likelihood of successful infiltration and ensuring greater digital security and privacy.

Technological Innovations in Spyware Defense: The Case of DataShielder NFC HSM

As nations grapple with policy measures to regulate the use of commercial spyware, technological innovators like Freemindtronic are stepping up to offer robust defenses for individuals against invasive tools like Pegasus. The DataShielder NFC HSM Defense, equipped with EviCore NFC HSM technology, represents a leap forward in personal cybersecurity, offering a suite of features designed to safeguard data and communications from sophisticated spyware threats.

DataShielder NFC HSM: A Closer Look

DataShielder NFC HSM Defense utilizes contactless encryption and segmented key authentication, securely stored within an NFC HSM, to protect users’ digital lives. This groundbreaking approach ensures that secret keys, the cornerstone of digital security, remain out of reach from spyware, thus maintaining the confidentiality and integrity of sensitive information across various communication protocols.

DataShielder NFC HSM Defense: a solution against spyware

Another technology can help users protect themselves from Pegasus and other spyware. This is DataShielder NFC HSM Defense with EviCore NFC HSM, a solution that effectively fights against applications and spyware such as Pegasus. It is an alternative that secures contactless encryption and segmented key authentication system stored encrypted in NFC HSM. Thus, the secret keys are physically externalized and not accessible to the spyware. DataShielder NFC HSM Defense with EviCypher NFC HSM encrypts all types of sensitive data without ever logging the data unencrypted. The user can encrypt all types of data from his contactless phone in volatile memory, including Email, SMS, MMS, RCS, Chat, all messaging in general, all types of messaging, including satellite, without ever saving his texts unencrypted. DataShielder NFC HSM also works in air gap as well as on all types of NFC, Wifi, Bluetooth, Lan, Wan, Camera communication protocols that it encrypts end-to-end from NFC HSM

DataShielder NFC HSM Defense: additional features

In the Defense version of DataShielder NFC HSM, it integrates EviCall NFC HSM technology, which allows users to physically outsource phone contacts and make calls by automatically erasing the call histories of the phone, including encrypted and unencrypted SMS linked to that call number.

DataShielder NFC HSM also includes Evipass NFC HSM contactless password manager technology. It is therefore compatible with EviCore NFC HSM Browser Extension technology. In particular, it carries out all types of autofill and autologin operations. Thus, DataShielder NFC HSM not only allows you to connect by autofilling the traditional login and password identification fields on the phone, whether through applications or online accounts. But also also and on the types of online accounts (lan and wan), applications, software. DataShielder NFC HSM Defense also includes EviKeyboard BLE technology which also extends the use of keys greater than 256 bit. This virtual Bluetooth keyboard allows you to authenticate on the command line, on all types of home automation, electronic, motherboard bios, TMP2.0 key, which accepts the connection of a keyboard on a USB port. All these operations are end-to-end encrypted from NFC HSM up to more than 50 meters away via Bluetooth encrypted in AES-128.

To encrypt sensitive data from their phone, the user will do it from their secret keys only stored in their NFC HSM. They can also do it from their computer using the NFC HSM. This is possible thanks to the interoperability and backward compatibility of the DataShielder NFC HSM Defense ecosystem, which works independently but is interoperable on all Android computer and telephone systems with NFC technology. For example, users can encrypt files, photos, videos, and audio on their phones without ever exposing them to security breaches on the phone or computer.

This is the EviCypher NFC HSM technology dedicated to the encryption and management of AES 256 and RSA 4096 encryption keys.

Similarly, DataShielder also includes EviOTP NFC HSM technology, also in DataShielder NFC HSM Defense, which secures and manages OTP (TOTP and HOTP) secret keys.

Here are all the links : EviPass NFC HSMEviOTP NFC HSMEviCypher NFC HSMEviCall NFC HSM, EviKeyboard BLE

DataShielder NFC HSM Defense vs Pegasus: a comparison table

Data Pegasus DataShielder NFC HSM Defense
Messages, chats Can read and record them unencrypted Encrypts them end-to-end with keys physically externalized in the NFC HSM
Phone contacts Can access and modify them Externalizes and encrypts them in the NFC HSM
Emails Can intercept and read them Encrypts them with the OpenPGP protocol and signs them with the NFC HSM
Photos Can access and copy them Encrypts them with the NFC HSM and stores them in a secure space
Videos Can watch and record them Encrypts them with the NFC HSM and stores them in a secure space
Encrypted messages scanned from the camera Can decrypt them if he has access to the encryption key Encrypts them with the NFC HSM and does not leave any trace of the encryption key
Conversation histories from contacts stored in the NFC HSM Can access and analyze them Erases them automatically after each call or message
Usernames and passwords Can steal and use them Externalizes and encrypts them in the NFC HSM with EviPass technology
Secret keys of OTP Can compromise and impersonate them Externalizes them physically in the NFC HSM with EviOTP technology

Bridging the Gap Between Technology and Privacy

In an era where spyware like Pegasus poses unprecedented threats to personal privacy and security, solutions like DataShielder NFC HSM Defense emerge as essential tools in the individual’s cybersecurity arsenal. By leveraging such technologies, users can significantly mitigate the risk of spyware infections, reinforcing the sanctity of digital privacy in the face of evolving surveillance tactics.

The level of threat of Pegasus in different cases

The level of threat of Pegasus depends on many factors, such as the type and version of the operating system, the frequency and quality of the updates and patches, the availability and effectiveness of the tools, and the behavior and awareness of the users. It is therefore difficult to measure it precisely or universally, as it may vary according to different scenarios and situations.

However, we can try to give some estimates or ranges of levels, based on assumptions or approximations. For example, we can use a scale from 1 (lowest) to 10 (highest) to indicate how likely it is for a device to be infected by Pegasus in different cases:

Case Level of threat
A device with an outdated operating system that has not been updated for a long time 9/10
A device with an updated operating system that has been patched recently 5/10
A device with an updated operating system that has been patched recently and uses antivirus software 3/10
A device with an updated operating system that has been patched recently and uses antivirus software and VPN software 2/10
A device with an updated operating system that has been patched recently and uses antivirus software, VPN software, and anti-spyware software 1/10
A device with an updated operating system that has been patched recently and uses DataShielder NFC HSM 0/10

Latest affairs related to Pegasus

Since the revelations of Forbidden Stories and Amnesty International in July 2021, several new developments have occurred in relation to Pegasus spying. Here are some of them:

  • October 2023, The former head of the Spanish intelligence services has been charged with spying on the regional president of Catalonia, Pere Aragonès, using the Pegasus software, the Spanish justice announced on Monday. Paz Esteban, who was dismissed last year by the government of Pedro Sánchez after the scandal broke out, has been summoned by the Barcelona judge in charge of the case on December 131. The judge said that the facts reported by the moderate separatist leader have the “characteristics” of “possible criminal offenses such as illegal wiretapping and computer espionage
  • In October 2021, Paz Esteban López, the former head of CNI, was charged with crimes against privacy and misuse of public funds for allegedly ordering the spying on Catalan politicians with Pegasus. She is the first high-ranking official to face legal consequences for using Pegasus in Spain.
  • In September 2021, NSO Group announced that it was temporarily suspending its services to several government clients after being accused of facilitating human rights abuses with Pegasus. The company did not specify which clients were affected by this decision.
  • In August 2021, Apple released an urgent security update for its devices after discovering a zero-click exploit that allowed Pegasus to infect iPhones without any user interaction. The exploit, called FORCEDENTRY, was used by NSO Group to target activists, journalists and lawyers around the world. Apple urged its users to install the update as soon as possible to protect themselves from Pegasus.
  • In July 2021, the French government launched an investigation into the alleged spying on President Emmanuel Macron and other senior officials by Morocco using Pegasus. Morocco denied any involvement in the spying and sued Amnesty International and Forbidden Stories for defamation. France also summoned the Israeli ambassador to Paris to demand explanations about NSO Group’s activities.
  • In July 2021, the Israeli government formed a task force to review the allegations against NSO Group and its export licenses. The task force included representatives from the defense, justice and foreign ministries, as well as from the Mossad and the Shin Bet. The task force was expected to report its findings within a few weeks.

These developments show that Pegasus spying has triggered legal, diplomatic and political reactions in different countries. They also show that Pegasus spying has exposed the vulnerabilities and the challenges of cybersecurity in the digital age.

International Policy Measures Against Spyware Misuse

In a landmark move reflecting growing global concern over the misuse of commercial spyware, the United States announced in February 2024 its decision to impose visa restrictions on individuals involved in the abuse of such technologies. This policy, aimed at curbing the proliferation of weapons-grade commercial spyware like Pegasus, marks a significant stride in international efforts to safeguard against digital espionage threats to national security, privacy, and human rights.

The US Stance on Spyware Regulation

The Biden administration’s policy will potentially impact major US allies, including Israel, India, Jordan, and Hungary, underscoring the administration’s commitment to countering the misuse of spyware. This comes on the heels of earlier measures, such as placing Israel’s NSO Group on a commerce department blacklist and prohibiting the US government’s use of commercial spyware, signaling a robust stance against the unregulated spread of spyware technologies.

Global Implications and Diplomatic Efforts

Secretary of State Antony Blinken’s statement linking the misuse of spyware to severe human rights violations highlights the gravity with which the US views the global spyware issue. The policy introduces a mechanism for enforcing visa restrictions on those believed to be involved in or benefiting from the misuse of spyware, sending a strong message about the US’s intolerance for such practices.

A Step Towards Greater Accountability

By targeting individuals involved in the surveillance, harassment, and intimidation of journalists, activists, and dissenters, the US aims to foster a more accountable and ethical global spyware industry. This visa ban, applicable even to individuals from visa waiver countries, represents an “important signal” about the risks associated with the spyware sector, emphasizing the need for international cooperation in addressing these challenges.

Spyware with multiple detrimental impacts

Pegasus is not only a spyware with a high financial cost for its users, but it also entails, whether it is used legitimately or not, a human, social, political and environmental cost for its victims and society as a whole. It is difficult to precisely quantify the cost of the damages caused by the use of Pegasus due to numerous factors and variables that can vary across countries, sectors and periods. However, we can provide some rough estimates and examples to illustrate the scope and diversity of the impacts of the use of Pegasus.

Financial Cost

The financial cost of the damages inflicted by Pegasus can be measured on several fronts:

  • Cost to Victims: Individuals spied on by Pegasus may suffer direct or indirect financial losses, stemming from breaches of their privacy, disclosure of personal or professional information, manipulation, or theft of their financial or tax-related data. For example, a journalist might lose their job or credibility due to information revealed by Pegasus; a lawyer could lose a lawsuit or a client due to a disclosed strategy, and an activist might lose funding or security due to an exposed campaign.
  • Cost to Businesses: Companies targeted by Pegasus may face direct or indirect financial losses related to intellectual property violation, unfair competition, industrial espionage, corruption, and more. For instance, a business could lose a contract or market share because of exposed bids; its reputation and trustworthiness could suffer due to a Pegasus-related scandal, and its competitiveness and profitability could diminish from a compromised trade secret.
  • Cost to States: Nations subject to Pegasus espionage may experience direct or indirect financial losses tied to sovereignty violations, threats to national security, interference in domestic and foreign affairs, among others. An example includes a country’s stability or legitimacy being jeopardized due to a Pegasus-facilitated coup; a nation losing influence or alliances because of negotiations undermined by Pegasus; or a state’s development or environment suffering from a Pegasus-sabotaged project.

Geopolitical Cost

The geopolitical cost of Pegasus-induced damages can be measured on various fronts:

  • Cost to International Relations: The use of Pegasus by some states to spy on others can lead to diplomatic tensions, armed conflicts, economic sanctions, and cooperation ruptures. For example, the espionage of French President Emmanuel Macron by Morocco triggered a crisis between the two nations; spying on Indian Prime Minister Narendra Modi by China escalated their border dispute, and Israeli espionage of Iranian President Hassan Rouhani compromised the nuclear agreement between the two countries.
  • Cost to International Organizations: Pegasus’ deployment by certain states to spy on international organizations can result in violations of international law, human rights abuses, and hindrances to multilateralism. For instance, spying on UN Secretary-General Antonio Guterres by the United States undermined the organization’s independence and impartiality. Similarly, espionage targeting the International Criminal Court by Israel threatened international justice and peace, while spying on the World Health Organization by China disrupted pandemic management.

Economic Cost

The economic cost of the damages caused by Pegasus can be assessed across different dimensions:

  • Cost to Economic Growth: The use of Pegasus by certain states or private actors to spy on other states or private actors can lead to market distortions, productivity losses, capital flight, and offshoring. For example, the espionage targeting the airline company Emirates by Qatar reduced its competitiveness and profitability. Similarly, spying on the oil company Petrobras by the United States triggered an economic and political crisis in Brazil. Additionally, spying on Mexico’s central bank by Venezuela facilitated money laundering and terrorism financing.
  • Cost to Innovation: The utilization of Pegasus by certain states or private actors to spy on other states or private actors can result in patent theft, counterfeiting, hacking, and cyberattacks. For instance, spying on pharmaceutical company Pfizer by China allowed the latter to replicate its COVID-19 vaccine. Simultaneously, espionage against technology giant Apple by North Korea enabled the creation of its smartphone. Furthermore, spying on space company SpaceX by Russia allowed the latter to sabotage its launches.

Human, Social, and Environmental Cost

The human, social, and environmental cost of Pegasus-induced damages can be measured across several aspects:

  • Cost to Human Rights: The use of Pegasus by certain states or private actors to spy on vulnerable individuals or groups can result in violations of the right to life, freedom, security, dignity, and more. For example, the spying on journalist Jamal Khashoggi by Saudi Arabia led to his assassination. Similarly, espionage targeting activist Edward Snowden by the United States led to his exile. Additionally, the espionage of dissident Alexei Navalny by Russia resulted in his poisoning.
  • Cost to Democracy: The deployment of Pegasus by certain states or private actors to spy on political or social actors can lead to infringements on pluralism, transparency, participation, representativeness, and more. For instance, spying on French President Emmanuel Macron by Russia attempted to influence the 2017 French presidential election. Similarly, spying on the Yellow Vest movement by Morocco aimed to weaken the French social movement in 2018. Additionally, espionage against President Joe Biden by Iran sought to infiltrate his transition team in 2020.
  • Cost to the Environment: The use of Pegasus by certain states or private actors to spy on organizations or individuals committed to environmental protection can result in damage to biodiversity, climate, natural resources, and more. For example, spying on Greenpeace by Japan hindered its efforts against whale hunting. Similarly, espionage against the WWF by Brazil facilitated deforestation in the Amazon. Additionally, the spying on climate activist Greta Thunberg by Russia aimed to discredit her climate movement.
  • Cost to Intangibles: The use of Pegasus by certain states or private actors to spy on individuals or groups with symbolic, cultural, moral, or spiritual value can result in losses of meaning, trust, hope, or faith. For instance, espionage against Pope Francis by Turkey undermined his moral and religious authority. Similarly, spying on the Dalai Lama by China compromised his spiritual and political status. Additionally, the espionage of Nelson Mandela by South Africa tarnished his historical and humanitarian legacy.

The Risk of Diplomatic Conflict Arising from Pegasus

The utilization of Pegasus by some states to spy on others can give rise to the risk of diplomatic conflict, which can have severe consequences for international peace and security. The likelihood of diplomatic conflict depends on several factors, including:

  • Intensity and Duration of Espionage: The more extensive and prolonged the espionage, the more likely it is to provoke a strong and lasting reaction from the spied-upon state.
  • Nature and Status of Targets: More important and sensitive targets are more likely to trigger a strong and immediate reaction from the spied-upon state. For instance, spying on a head of state or a minister is more serious than spying on a bureaucrat or diplomat.
  • Relationship and Context Between States: States with tense or conflictual relationships are more likely to provoke a strong and hostile reaction from the spied-upon state. For instance, espionage between rival or enemy states is more serious than espionage between allied or neutral states.

The risk of diplomatic conflict can manifest at various levels:

  • Bilateral Level: This is the most direct and frequent level, where two states clash due to espionage. Possible reactions include official protests, summoning or expelling an ambassador, breaking or freezing diplomatic relations, etc.
  • Regional Level: This level involves a state seeking support from its neighbors or regional partners to bolster its position or condemn the espionage. Possible reactions include joint declarations, collective resolutions, economic or political sanctions, etc.
  • International Level: At this level, a state calls upon international organizations or global actors to support its position or condemn the espionage. Possible reactions include referring the matter to an international court, resolutions by the UN Security Council, humanitarian or military sanctions, etc.

The risk of diplomatic conflict can have various consequences:

  • Political Consequences: It can lead to a deterioration or rupture of relations between the involved states, a loss of credibility or legitimacy on the international stage, internal political instability or crisis, etc.
  • Economic Consequences: It can result in reduced or suspended trade between the involved states, a loss of competitiveness or growth, capital flight or frozen investments, etc.
  • Social Consequences: It can lead to increased or exacerbated tensions or violence among the populations of the involved states, a loss of trust or solidarity, a rise or reinforcement of nationalism or extremism, etc.

Conclusion: Navigating the Pegasus Quagmire with Innovative Defenses

The saga of Pegasus spyware unveils a complex tableau of financial, human, social, political, and environmental ramifications. Pinpointing the exact toll it takes presents a formidable challenge, given the myriad of factors at play. Throughout this article, we’ve endeavored to shed light on the extensive impacts, offering insights and quantifications to bring clarity to this global concern.

Moreover, Pegasus not only incurs a direct cost but also sows the seeds of potential diplomatic strife, pitting states against each other in an invisible battlefield. The severity of these confrontations hinges on the espionage’s scope, the targets’ sensitivity, and the intricate web of international relations. Such conflicts, manifesting across various levels, can significantly strain political ties, disrupt economies, and fracture societies.

In this digital quagmire, the innovative counter-espionage technologies developed by Freemindtronic emerge as a beacon of hope. They offer a testament to the power of leveraging cutting-edge solutions to fortify our digital defenses against the invasive reach of spyware like Pegasus. By integrating such advanced protective measures, individuals and organizations can significantly enhance their cybersecurity posture, safeguarding their most sensitive data and communications in an increasingly surveilled world.

This piece aims to illuminate the shadowy dynamics of Pegasus spyware, drawing back the curtain on its profound implications. For those keen to explore further, we invite you to consult the sources listed below. They serve as gateways to a deeper understanding of Pegasus’s pervasive influence, the ongoing efforts to counteract its invasive reach, and the pivotal role of technologies like those from Freemindtronic in these endeavors.

In a world where digital surveillance perpetually evolves, staying informed, vigilant, and equipped with the latest in counter-espionage technology is paramount. As we navigate these challenges, let us engage in ongoing dialogue, advocate for stringent regulatory measures, and champion the development of robust cybersecurity defenses. Together, we can confront the challenges posed by Pegasus and similar technologies, safeguarding our collective privacy, security, and democratic values in the digital age.

Sources

In crafting this article, we have drawn upon a selection of reputable and verified web sources. Our sources are chosen for their commitment to presenting facts objectively and respecting the presumption of innocence.

This article has been meticulously crafted, drawing upon a diverse array of reputable and verified web sources. These sources have been selected for their unwavering commitment to factual accuracy, objective presentation, and respect for the presumption of innocence. Our investigation delves deep into the complex web of surveillance technology, focusing on the notorious Pegasus spyware developed by NSO Group and the global efforts to detect, regulate, and mitigate its invasive reach. The article sheds light on groundbreaking detection methods, international policy measures against spyware misuse, and the pressing need for enhanced cybersecurity practices.

We analyzed many sources including:

In summary

Additional references from a range of international publications provide further insights into the deployment, implications, and countermeasures associated with Pegasus spyware across various countries, including Saudi Arabia, Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Hungary, India, and the United Arab Emirates. These articles collectively highlight the global challenge posed by Pegasus, the evolving landscape of digital espionage, and the concerted efforts required to safeguard privacy and security in the digital age.

Estimating the Global Reach and Financial Implications of Pegasus Spyware

The deployment of Pegasus spyware across various nations reveals not only the extensive reach of NSO Group’s surveillance tool but also underscores the significant financial and ethical costs associated with its use. The following insights, derived from reputable news sources, offer a glimpse into the scale of Pegasus’s deployment worldwide and its impact on targeted countries:

  1. According to the French Le Monde, Saudi Arabia targeted about 15,000 phone numbers with Pegasus. The cost of one license can be as high as Rs 70 lakh. With one license, multiple smartphones can be tracked. As per past estimates of 2016, for spying on just 10 people using Pegasus, NSO Group charges a minimum of around Rs 9 crore.
  2. The American The Washington Post reported that Saudi Arabia started using Pegasus in 2018. The FBI also confirmed that it obtained NSO Group’s powerful Pegasus spyware in 2019, suggesting that it bought access to the Israeli surveillance tool to “stay abreast of emerging technologies and tradecraft”.
  3. The British The Guardian stated that Azerbaijan aimed at about 5,000 phone numbers with Pegasus. The country is among the 10 governments that have been the most aggressive in deploying the spyware against their own citizens and those of other countries.
  4. As per the American The Washington Post, Azerbaijan began using Pegasus in 2019. The country has been accused of using the spyware to target journalists, activists, and opposition figures, as well as foreign diplomats and politicians.
  5. In the case reported by the French Le Monde, Bahrain focused on about 3,000 phone numbers with Pegasus. The country has been using the spyware since 2020 to target dissidents, human rights defenders, and members of the royal family.
  6. Mentioned in the American The Washington Post, Bahrain initiated Pegasus use in 2020. The country is one of the NSO Group’s oldest customers, having signed a contract with the company in 2016.
  7. As disclosed by the British The Guardian, Kazakhstan directed attention towards approximately 1,500 phone numbers with Pegasus. The country has been using the spyware since 2021 to target journalists, activists, and opposition figures, as well as foreign diplomats and politicians.
  8. According to the American The Washington Post, Kazakhstan commenced Pegasus usage in 2021. The country is one of the newest customers of NSO Group, having signed a contract with the company in 2020.
  9. According to claims made by the Mexican Aristegui Noticias, Mexico targeted about 15,000 phone numbers with Pegasus. The country is the largest known client of NSO Group, having spent at least $61m on the spyware between 2011 and 2017.
  10. As reported by the American The Washington Post, Mexico began Pegasus use in 2020. The country has been using the spyware to target journalists, activists, lawyers, and politicians, as well as the relatives of the 43 students who disappeared in 2014.
  11. As detailed in the French Le Monde, Morocco focused on about 10,000 phone numbers with Pegasus. The country is one of the most prolific users of the spyware, having targeted journalists, activists, lawyers, and politicians, as well as foreign heads of state and government.
  12. Confirmed by the Canadian organization Citizen Lab, Morocco initiated Pegasus usage in 2016. The country is one of the oldest customers of NSO Group, having signed a contract with the company in 2014.
  13. According to findings reported by the British The Guardian, Rwanda honed in on around 3,500 phone numbers with Pegasus. The country has been using the spyware to target dissidents, journalists, and human rights defenders, as well as foreign critics and rivals.
  14. As indicated by the American The Washington Post, Rwanda started Pegasus usage in 2019. The country is one of the newest customers of NSO Group, having signed a contract with the company in 2018.
  15. In the report from the French Le Monde, Hungary aimed at about 300 phone numbers with Pegasus. The country is the only EU member state known to have used the spyware, having targeted journalists, activists, lawyers, and opposition figures.
  16. As conveyed by the Hungarian Direkt36, Hungary initiated Pegasus use in 2018. The country is one of the newest customers of NSO Group, having signed a contract with the company in 2017.
  17. As outlined in the Indian The Wire, India directed attention towards approximately 1,000 phone numbers with Pegasus. The country is one of the largest users of the spyware, having targeted journalists, activists, lawyers, and politicians, as well as the leader of the main opposition party.
  18. According to the British The Guardian, India began Pegasus use in 2019. The country is one of the newest customers of NSO Group, having signed a contract with the company in 2018.
  19. According to the information provided by the French Le Monde, the United Arab Emirates honed in on around 10,000 phone numbers with Pegasus. The country is one of the most aggressive users of the spyware, having targeted journalists, activists, lawyers, and politicians, as well as foreign heads of state and government.
  20. Confirmed by the Canadian organization Citizen Lab, the United Arab Emirates started Pegasus usage in 2016. The country is one of the oldest customers of NSO Group, having signed a contract with the company in 2013.
  21. According to the European Parliament recommendation of 15 June 2023, the EU and its Member States have been affected by the use of Pegasus and equivalent surveillance spyware, which constitutes a serious threat to the rule of law, democracy, human rights and fundamental freedoms. The recommendation calls for a global moratorium on the sale and use of such technologies until robust safeguards are established.
  22. According to the article by Malwarebytes, Pegasus spyware and how it exploited a WebP vulnerability, the spyware exploited a vulnerability in the WebP image format, which allows for lossless compression and restoration of pixels. The article explains how the attackers created specially crafted image files that caused a buffer overflow in the libwebp library, used by several programs and browsers to support the WebP format.
  23. According to the article by ZDNet, ‘Lawful intercept’ Pegasus spyware found deployed in 45 countries, the spyware has been used by government agencies across the world to conduct cross-border surveillance, violating international law and human rights. The article cites a report by Citizen Lab, which identified 45 countries where Pegasus operators may be conducting surveillance operations.
  24. According to the article by The Guardian, Experts warn of new spyware threat targeting journalists and political opponents, a new spyware with hacking capabilities comparable to Pegasus has emerged, developed by an Israeli company called Candiru. The article cites a report by Citizen Lab, which found evidence that the spyware has been used to target journalists, political opposition figures and an employee of an NGO.

WhatsApp Hacking: Prevention and Solutions

whatsapp-hacking-prevention-and-solutions-by-evicrypt-end-or-evifile-hasm-and-nfc-hsm-from-freemindtronic-andorra-technology
WhatsApp hacking by Jacques Gascuel: This article will be updated with any new information on the topic.

How to Secure WhatsApp

WhatsApp is a popular messaging app, but it can also be a target for hackers who want access to your personal and business data. How can you protect yourself from WhatsApp hacking and what should you do if it happens? In this article, you’ll learn some tips and tricks to improve your WhatsApp security, as well as innovative email encryption technology solutions from Freemindtronic

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Digital Security Spying

Ivanti Zero-Day Flaws: Comprehensive Guide to Secure Your Systems Now

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

2024 Articles Digital Security EviPass Password

Human Limitations in Strong Passwords Creation

2024 Articles Digital Security EviKey NFC HSM EviPass News SSH

Terrapin attack: How to Protect Yourself from this New Threat to SSH Security

2024 Articles Digital Security News Phishing

Google OAuth2 security flaw: How to Protect Yourself from Hackers

How to Prevent and Solve WhatsApp Hacking Issues with Freemindtronic’s Solutions

WhatsApp is one of the most popular messaging apps in the world, with over 2 billion users. But it is not immune to hacking, which can compromise the security and privacy of your conversations. How can you avoid getting your WhatsApp account hacked? And what should you do if it happens?

The risks of WhatsApp hacking

WhatsApp hacking can have serious consequences for the victims. Indeed, hackers can access all the personal and sensitive information stored in the app, such as messages, photos, videos, contacts, groups, etc. They can also impersonate the victim and send fraudulent or malicious messages to their contacts, for example to ask them for money or to click on infected links. They can also spread false information or illegal content using the hacked account.

WhatsApp hacking can also have an impact on the victim’s professional life, if they use the app to communicate with their colleagues, clients or partners. Hackers can access confidential or strategic data, such as contracts, quotes, projects, etc. They can also harm the reputation or credibility of the victim by sending abusive or defamatory messages to their professional interlocutors.

The techniques of WhatsApp hacking

Hackers use different techniques to break into WhatsApp accounts of users. Here are some examples:

  • Phishing: this is a technique that consists of sending a message or an email that seems to come from an official service (such as WhatsApp, Google, Apple, etc.) and that asks the victim to click on a link or provide personal information (such as their phone number, PIN code, password, etc.). The link leads to a fraudulent site that looks like the official site, but that aims to steal the victim’s data. The message may also contain an attachment infected by a malicious software that allows the hacker to take control of the victim’s smartphone.
  • Voice mail: this is a technique that exploits a security flaw in the authentication process of WhatsApp. The hacker dials the victim’s phone number and tries to connect to their WhatsApp account. The app then sends a SMS or a call containing a verification code to the victim. If the victim’s smartphone is turned off or in airplane mode, the SMS remains pending and the call is redirected to the voice mail. The hacker then accesses the voice mail of the victim by using a default secret code (often the last four digits of the number) or by guessing the personalized code. He then listens to the voice message containing the verification code and uses it to connect to the WhatsApp account of the victim.
  • QR code scan: this is a technique that uses the WhatsApp Web feature, which allows using the app on a computer by scanning a QR code displayed on the screen with their smartphone. The hacker takes advantage of a moment of distraction or absence of the victim to access their smartphone and scan the QR code displayed on their computer. He can then access the WhatsApp account of the victim from his computer and consult or send messages.

The prevention measures against WhatsApp hacking

To avoid getting your WhatsApp account hacked, there are several prevention measures to adopt:

  • Activate two-step verification: this is a feature that enhances the security of your account by asking you to enter a six-digit PIN code that you have chosen when you connect to your account from a new device or after a period of inactivity. To activate this feature, you need to go to WhatsApp settings, then in Account option, and select Two-step verification. You then need to choose a PIN code and enter your email address, which will be used to reset your code in case you forget it.
  • Activate fingerprint lock or face recognition: this is a feature that prevents access to the app without biometric authentication of the user. To activate this feature, you need to go to WhatsApp settings, then in Privacy option, and select Fingerprint lock or Face recognition. You then need to choose the automatic lock delay (immediately, after 1 minute or after 30 minutes).
  • Change your voice mail code: this is a measure that aims to prevent hackers from accessing your voice mail by using a default secret code or easy to guess. To change your voice mail code, you need to contact your phone operator and follow their instructions.
  • Do not click on suspicious links or attachments: this is a measure that aims to avoid falling into phishing or malware traps. You always need to check the source and reliability of messages or emails received, and do not click on links or attachments that seem dubious or ask for personal information. You also need to be wary of messages coming from unknown numbers or containing spelling or grammar mistakes.
  • Do not leave your smartphone unattended: this is a measure that aims to prevent hackers from accessing your smartphone and scanning QR codes for connecting with your WhatsApp account from a computer. You always need to lock your smartphone with a code, pattern, fingerprint or face recognition, and do not leave it unattended in a public or accessible place to malicious people.

The technological solutions of Freemindtronic to enhance WhatsApp security

Freemindtronic is an Andorran company that offers technological solutions that use NFC HSM or HSM devices to encrypt texts and files directly in WhatsApp. These technological solutions are EviCrypt and EviFile.

EviCrypt: a solution to encrypt your WhatsApp messages

EviCrypt is a technological solution that allows you to encrypt the texts that you send or receive on WhatsApp from HSM or NFC HSM devices. These nomadic NFC HSM devices have several types of formats, such as bank card (EviCard), tag with key ring with carabiner (EviTag), electronic card for integration into a fixed or portable computer (PCB) and others. The HSM devices are self-created in any type of secure storage medium, including those of Android or iPhone phones and computers and other storage devices. These HSMs contain post-quantum encrypted secret keys, including your own randomly generated encryption keys. These secret keys encrypt the messages on WhatsApp without contact before sending the message. EviCrypt uses AES-256 algorithms to encrypt the message without ever saving the message in clear. The HSM and NFC HSM also have advanced security mechanisms, such as anti-cloning, anti-replay, wireless access control and segmented key authentication.

EviFile: a solution to encrypt your WhatsApp data

EviFile is a technological solution that allows you to encrypt all types of data that you send or receive on WhatsApp from HSM or NFC HSM devices. These portable HSM devices can be created on different types of storage media such as USB key (EviKey), SD card (EviSD), external hard drive (EviDisk) and others. HSM devices are self-created on its secure storage media. Which is also possible on Android or iPhone phones and computers and other storage devices. These HSMs contain, in particular, randomly generated encrypted secret keys. These secret keys encrypt the data on WhatsApp without contact before sending the file. EviFile uses AES-256 algorithms to encrypt data without ever logging it in the clear via a user-defined self-destruct sound method. The HSM and NFC HSM also have advanced security mechanisms, such as anti-cloning, anti-replay, wireless access control and segmented key authentication.

In summary EviCrypt and EviFile

The EviFile technological brick is an innovative and secure solution for encrypting and exchanging data on WhatsApp. It gives you the possibility to choose your own encryption keys and segment them according to your needs. You can also use different encryption keys for the EviFile and EviCrypt technological bricks, which enhances the protection of your data. With EviFile, you can enjoy WhatsApp without ever taking the risk of your sensitive data getting corrupted.

These technological solutions offer a high level of security by adding physical origin trust criteria for each secret or file stored encrypted with these criteria. They also allow great flexibility and ease of use, since they work without contact with an Android smartphone equipped with NFC. They are compatible with all versions of WhatsApp and do not require any modification of the app’s source code.

With these technological bricks, you are never exposed to the risks of corruption or interception of your messages or sensitive files for any reason. Thus, in case of security breach or corruption of your WhatsApp for any reason, whether legitimate or not, or visual access of prying eyes or espionage act, or in case of natural or professional obligation, in short for any reason whatsoever, only the sender or recipients can read the messages and recover the encrypted files via their NFC HSM without ever decrypting the messages or files in WhatsApp. In case of hacking, you need to act quickly and follow the recommended actions, such as disconnecting all devices linked to your account, resetting your PIN code, reactivating your account with your phone number, etc. You also need to warn your contacts, report the hacking to WhatsApp and file a complaint with the competent authorities.

In conclusion

Preventive measures against WhatsApp hacking

WhatsApp hacking is a phenomenon that can affect any user of the app and can have serious consequences on their private and professional life. It is therefore important to protect yourself from attacks by adopting simple and effective prevention measures, such as activating two-step verification, locking by fingerprint or face recognition, changing your voice mail code, etc. It is also recommended to use innovative technological solutions, such as those offered by Freemindtronic, which allow you to encrypt texts and files directly in WhatsApp with physical origin trust criteria.

What to do if WhatsApp is hacked

With these technological solutions, you are never exposed to the risks of corruption or interception of your messages or sensitive files for any reason. Thus, in case of security breach or corruption of your WhatsApp for whatever reason, or visual access of prying eyes or espionage act, or in case of natural or professional obligation, in short for any reason whatsoever, only the sender or recipients can read the messages and recover the encrypted files via their NFC HSM without ever decrypting the messages or files in WhatsApp. In case of hacking, you need to act quickly and follow the recommended actions, such as disconnecting all devices linked to your account, resetting your PIN code, reactivating your account with your phone number, etc. You also need to warn your contacts, report the hacking to WhatsApp and file a complaint with the competent authorities.

Chinese hackers Cisco routers: how to protect yourself?

Hackers Chinois Cisco Routers
Chinese hackers Cisco routers by Jacques Gascuel: This article will be updated with any new information on the topic.

Hackers Chinois Cisco Routers

Hackers of Chinese origin modify the firmware of Cisco routers to break into corporate networks. Discover how Freemindtronic offers you efficient and secure encryption solutions.

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Digital Security Spying

Ivanti Zero-Day Flaws: Comprehensive Guide to Secure Your Systems Now

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

2024 Articles Digital Security EviPass Password

Human Limitations in Strong Passwords Creation

2024 Articles Digital Security EviKey NFC HSM EviPass News SSH

Terrapin attack: How to Protect Yourself from this New Threat to SSH Security

2024 Articles Digital Security News Phishing

Google OAuth2 security flaw: How to Protect Yourself from Hackers

How Chinese hackers infiltrate corporate networks via Cisco routers

A Chinese-backed hacker group, known as BlackTech, has managed to compromise corporate networks around the world by exploiting vulnerabilities in Cisco routers. The hackers have modified the firmware of the routers to install backdoors that allow them to access sensitive data, redirect traffic to malicious servers and hide their tracks.

How does BlackTech operate?

According to a joint report by several cybersecurity and law enforcement agencies in the US and Japan, including the FBI, the NSA and the NISC, BlackTech has been active since at least 2010 and targets mainly sectors such as administration, industry, technology, media, telecommunications and defense. The group first attacks the international subsidiaries of the companies before moving up to the headquarters in the US and Japan.

To get into the networks, BlackTech uses custom malware, dual-use tools and masking tactics, such as disabling logging on the routers, to avoid being detected.

The key point of the attack is the modification of the firmware of the Cisco routers, the embedded software that controls the operation of the devices. BlackTech replaces the official firmware with a corrupted version that contains a backdoor. This backdoor allows the hackers to connect to the router at any time, change its configuration, execute commands and redirect traffic to their servers.

What are the risks and consequences of the attack of the Chinese hackers Cisco routers who use malicious firmware?

The attack by BlackTech poses a serious threat to the security of the targeted companies and organizations. Indeed, the hackers can access confidential information, such as trade secrets, personal data or strategic documents. They can also disrupt the operation of the networks, by causing outages, slowdowns or errors. Finally, they can use the compromised networks as relays to launch other attacks or to spread malware.

The report by the cybersecurity and law enforcement agencies recommends the companies to check the integrity of their Cisco routers, update their firmware, strengthen their security measures and monitor their network traffic. The report also suggests adopting a zero trust security model, which consists of trusting no element of the network and systematically verifying the identity and permissions of the users and devices.

What are the motivations and objectives of BlackTech?

BlackTech is considered as a cyberespionage group backed by China. Its motivations and objectives are therefore probably related to the political, economic and military interests of Beijing. The group seeks to collect information useful for China, to weaken its competitors and adversaries, and to strengthen its influence and power in the world.

BlackTech is not the only Chinese hacker group to target corporate networks. Other groups, such as APT10, APT41 or Winnti, have been identified by cybersecurity experts as actors of cyberespionage on behalf of China. These groups use various techniques, such as phishing, certificate theft or software vulnerabilities, to infiltrate the networks and steal data.

China denies any involvement in these cyberespionage activities and accuses the US of conducting cyberattacks against it. The tensions between the two countries are high on the diplomatic, trade and technological fronts. Cyberwar is one of the strategic challenges of the 21st century.

What are the vulnerabilities exploited by BlackTech?

The report by the cybersecurity and law enforcement agencies does not specify which are the exact vulnerabilities exploited by BlackTech to modify the firmware of the Cisco routers. However, there are several known flaws that affect the routers of the American brand and that could be used by the hackers.

For example, in 2019, Cisco published a security bulletin to warn its customers of a critical vulnerability in the Secure Boot protocol of some of its routers. This vulnerability, named Thrangrycat, allows an attacker with physical or logical access to the router to modify the firmware and install persistent malicious code.

In 2020, Cisco also revealed the existence of a vulnerability in the SNMP (Simple Network Management Protocol) network management protocol of some of its routers. This vulnerability, named CDPwn, allows an attacker located on the same local network as the router to send malformed packets and cause remote code execution.

Another recent example, chinese hackers Cisco routers exploit F5 BIG-IP vulnerability A state-backed hacking group from China, known as BlackTech (September 2023), modifies the firmware of Cisco routers (not directly affected by the vulnerability) to gain access to the networks of US and Japanese companies. The hackers exploit a critical vulnerability (CVE-2022-1388) in F5 BIG-IP devices that allows them to execute arbitrary commands and install a backdoor. Cisco has released a security alert for its customers who use F5 BIG-IP devices in their infrastructure and recommends them to follow the instructions of F5 to apply the patch or the mitigation measures (Cisco Security Advisory). F5 has released a patch for this vulnerability (K23605346) for all affected versions, except 12.1.x and 11.6.x versions, which are end of life. Users and administrators are urged to apply the patch as soon as possible to prevent malicious cyber operations.

These two examples show that Cisco routers are not immune to security flaws that can be exploited by malicious hackers. It is therefore essential for companies to stay informed of security updates and apply them quickly to protect their networks.

The global attack of the Chinese hackers Cisco routers: what is its scope and impact?

It is difficult to assess the scope and impact of this attack at the global level, as the victims are not always aware or willing to reveal that they have been compromised. Nevertheless, it is possible to rely on some clues to get an idea.

According to the report by the cybersecurity and law enforcement agencies, BlackTech has targeted companies and organizations located in several countries, including the US, Japan, Hong Kong, Taiwan, Australia, Germany, France, Italy, Spain, Switzerland, Sweden, Norway, Finland, Belgium, Austria, Czech Republic, Poland, Romania, Slovakia, Hungary, Bulgaria, Greece, Turkey, Israel, India, South Korea, Thailand, Malaysia, Indonesia, Vietnam, Philippines, Brazil, Mexico, Chile, Colombia, Argentina, South Africa, Egypt, Morocco, Algeria, Tunisia, Saudi Arabia, United Arab Emirates, Qatar, Kuwait, Iran, Iraq, Syria, Lebanon, Jordan, Palestine, Pakistan, Bangladesh, Nepal, Sri Lanka, Cambodia, Laos, Myanmar, Singapore, New Zealand, Canada and the UK.

This shows that BlackTech has a global reach and can potentially affect thousands of companies and organizations in various fields. The impact of this attack can be considerable, both economically and security-wise. The hackers can steal strategic information, disrupt essential services, compromise critical infrastructures, harm the reputation of the victims, cause financial damage, or facilitate other forms of cybercrime, such as ransomware, identity theft, fraud, espionage or sabotage.

According to a study by the consulting firm Accenture, the average cost of a cyberattack for a company is 13 million dollars, an increase of 72% since 2014. The study also estimates that cyberattacks have a negative impact on customer trust, employee retention, product and service quality, and operational performance of companies.

Moreover, according to a report by the Center for Strategic and International Studies (CSIS) and the company McAfee, the global cost of cybercrime for the world economy is 600 billion dollars per year, or 0.8% of the global gross domestic product (GDP). The report highlights that cybercrime affects not only companies, but also governments, citizens, non-governmental organizations, and international institutions.

How to protect yourself with Freemindtronic’s technologies?

Among the solutions available on the market to protect against attacks by BlackTech or other hacker groups are innovative products developed by the Andorran company Freemindtronic, which use its NFC HSM and HSM OpenPGP technologies to secure sensitive data and encryption keys. These products are:

  • EviCore NFC HSM, which turns your smartphone, tablet or computer into a hardware security module (HSM) compatible with the OpenPGP standard. It allows you to store, manage and use your encryption keys and secrets with ease and confidentiality, without using a specific secure storage device.
  • EviCore HSM OpenPGP, which turns your smartphone, tablet or computer into a hardware security module (HSM) compatible with the OpenPGP standard. It allows you to store, manage and use your encryption keys and secrets with ease and confidentiality, without using a specific secure storage device. EviCore HSM OpenPGP is an innovation by Freemindtronic that received the Fortress 2023 award for the best encryption solution.
  • EviPass NFC HSM, which allows you to manage your passwords and identifiers in a secure and convenient way. It uses NFC technology to communicate with your smartphone, tablet or computer, and to authenticate you on websites and applications without having to enter or remember your passwords.
  • EviOTP NFC HSM, which allows you to generate one-time passwords (OTP) to enhance the security of your online accounts. It uses NFC technology to communicate with your smartphone, tablet or computer, and to provide you with a 6-digit code whenever you need it.
  • EviCypher NFC HSM, which allows you to encrypt and decrypt your sensitive data with a high level of security. It uses NFC technology to communicate with your smartphone, tablet or computer, and to allow you to encrypt and decrypt your files, messages, emails or notes with a simple gesture.

These technologies can have several benefits for businesses that face the attacks of BlackTech or other hacker groups, by offering enhanced protection of data and encryption keys, as well as strong and convenient authentication. They can also reduce the risks of loss, theft or corruption of data, by using resistant and reliable devices.

Update Cisco Router 2023 clic here

RSA Encryption: How the Marvin Attack Exposes a 25-Year-Old Flaw

NFC HSM Devices and RSA 4096 encryption a new standard for cryptographic security serverless databaseless without database by EviCore NFC HSM from Freemindtronic Andorra
Marvin attack RSA algorithm & NFC HSM RSA-4096 by Jacques Gascuel: This article will be updated with any new information on the topic.

Decrypting Marvin’s Assault on RSA Encryption!

Simply explore the complex area of ​​RSA encryption and discover strategies to repel Marvin’s attack. This article examines the intricacies of RSA 4096 encryption, ensuring your cryptographic keys and secrets are protected. Discover an innovative NFC HSM RSA 4096 NFC encryption protocol, serverless and databaseless.

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Digital Security Spying

Ivanti Zero-Day Flaws: Comprehensive Guide to Secure Your Systems Now

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

2024 Articles Digital Security EviPass Password

Human Limitations in Strong Passwords Creation

2024 Articles Digital Security EviKey NFC HSM EviPass News SSH

Terrapin attack: How to Protect Yourself from this New Threat to SSH Security

2024 Articles Digital Security News Phishing

Google OAuth2 security flaw: How to Protect Yourself from Hackers

How the RSA Encryption – Marvin Attack Reveals a 25-Year-Old Flaw and How to Protect Your Secrets with the NFC HSM Devices

RSA encryptionRSA encryption is one of the most widely used encryption algorithms in the world, but it is not flawless. In fact, a vulnerability of RSA encryption, known as the Marvin attack, has existed for over 25 years and could allow an attacker to recover the private key of a user from their public key. This flaw, which exploits a mathematical property of RSA encryption, was discovered in 1998 by the cryptographer Daniel Bleichenbacher, but it was never fixed or disclosed to the public. In the first part of this article, we will explain in detail how the Marvin attack works and what it means for the security of RSA encryption.

Moreover, NFC HSM and RSA 4096 represent a new dimension in cryptographic security. These technologies allow you to protect and use your cryptographic keys and secrets within a contactless device that communicates with your smartphone through NFC (Near Field Communication). The main advantage they offer is the formidable defense against cyberattacks, achieved by implementing state-of-the-art encryption algorithms and strong security protocols. You can discover more about the very simple functioning of NFC HSM devices for RSA 4096 encryption, as well as their multiple benefits, by reading until the end of this article. Moreover, we will highlight how Freemindtronic used the extreme level of safety of an NFC HSM device to establish, without contact and only on demand, a virtual communication tunnel encrypted in RSA-4096 without a server, without a database, from an NFC HSM device.

The Marvin Attack: Unveiling a 25-Year-Old RSA Flaw

Understanding the Marvin Attack

The Marvin attack targets the RSA algorithm, a foundational asymmetric encryption technique characterized by the use of two distinct keys: a public key and a private key. The public key serves to encrypt data, while the private key is responsible for decryption. These keys mathematically intertwine, yet revealing one from the other presents an exceedingly challenging task.

Named after Marvin the Paranoid Android from “The Hitchhiker’s Guide to the Galaxy,” this attack exploits a vulnerability in the RSA algorithm discovered by Swiss cryptographer Daniel Bleichenbacher in 1998. The vulnerability relates to the padding scheme that the RSA algorithm uses to introduce random bits into the data before encryption. The padding scheme has a design. It makes the encrypted data look random. It also thwarts attacks based on statistics. However, Bleichenbacher showed his ingenuity. He sent special messages to a server. The server used RSA encryption. By doing so, he could learn about the padding scheme. He could also recover the private key.

Implications of the Marvin Attack

The Marvin attack has profound implications for the security and confidentiality of your secrets. If an attacker successfully retrieves your private key, they gain unfettered access to decrypt all your encrypted data and compromise your confidential information. Furthermore, they can impersonate you by signing messages or executing transactions on your behalf.

The Marvin attack isn’t limited to a single domain; it can impact any system or application that uses RSA encryption with a vulnerable padding scheme. This encompasses web servers that employ HTTPS, email servers that use S/MIME, and blockchain platforms that rely on digital signatures.

Notably, NFC HSM devices that use RSA encryption for secret sharing are vulnerable to the Marvin attack. NFC HSM, short for Near Field Communication Hardware Security Module, is a technology facilitating the storage and utilization of cryptographic keys and secrets within contactless devices such as cards, stickers, or keychains. These devices communicate with smartphones via NFC, a wireless technology enabling short-range data exchange between compatible devices.

If an attacker intercepts communication between your NFC HSM device and smartphone, they may try a Marvin attack on your device, potentially recovering your private key. Subsequently, they could decrypt secrets stored within your device or gain access to your online accounts and services.

The Common Factor Attack in RSA Encryption

Understanding the Common Factor Attack

In the realm of RSA encryption, attackers actively exploit a vulnerability known as the Common Factor Attack. Here’s a concise breakdown:

1. Identifying Shared Factors

  • In RSA encryption, public keys (e, n) and private keys (d, n) play pivotal roles.
  • Attackers meticulously seek out common factors within two public keys, exemplified by (e1, n1) and (e2, n2).
  • Upon discovering a shared factor, their mission gains momentum.

2. Disclosing the Missing Factor

  • Once a common factor ‘p’ surfaces, uncovering its counterpart ‘q’ becomes relatively straightforward.
  • This is achieved through the simple act of dividing one key’s module by ‘p’.

3. Attaining Private Keys

  • Empowered with ‘p’ and ‘q,’ attackers adeptly compute private keys like ‘d1’ and ‘d2.’
  • This mathematical process involves modular inverses, bestowing them with access to encrypted content.

4. Decrypting Messages with Precision

  • Armed with private keys ‘d1’ and ‘d2,’ attackers skillfully decrypt messages initially secured by these keys.
  • Employing the formula ‘m = c^d mod n,’ they meticulously unlock the concealed content.

This simplified overview sheds light on the Common Factor Attack in RSA encryption. For a more comprehensive understanding, delve into further details here

Safeguarding Against the Marvin Attack

To fortify your defenses against the Marvin attack, it is imperative to employ an updated version of the RSA algorithm featuring a secure padding scheme. Secure padding ensures that no information about the encrypted data or private key is leaked. For example, you can adopt the Optimal Asymmetric Encryption Padding (OAEP) scheme, a standard endorsed by RSA Laboratories.

Additionally, utilizing a reliable and secure random number generator for generating RSA keys is essential. A robust random number generator produces unpredictable and difficult-to-guess random numbers, a critical element for the security of any encryption algorithm, as it guarantees the uniqueness and unpredictability of keys.

The Marvin attack, though a 25-year-old RSA flaw, remains a persistent threat capable of compromising the security of RSA-encrypted data and communications. Vigilance and adherence to cryptographic best practices are essential for shielding against this menace.

Choosing a trusted and certified provider of NFC HSM devices and RSA encryption services is equally pivotal. A reputable provider adheres to industry-leading security and quality standards. Freemindtronic, a company based in Andorra, specializes in NFC security solutions and has developed a plethora of technologies and patents grounded in NFC HSM devices and RSA 4096 encryption. These innovations offer a spectrum of advanced features and benefits across diverse applications.

In the following section, we will delve into why Freemindtronic has chosen to utilize RSA 4096 encryption in the context of the Marvin attack. Additionally, we will explore how Freemindtronic secures secret sharing among NFC HSM devices, elucidate the concept of NFC HSM devices, and unveil the advantages and benefits of the technologies and patents pioneered by Freemindtronic.

How Does RSA 4096 Work?

RSA 4096 is built upon the foundation of asymmetric encryption, employing two distinct keys: a public key and a private key. The public key can be freely disseminated, while the private key must remain confidential. These keys share a mathematical relationship, but uncovering one from the other poses an exceptionally daunting challenge.

RSA 4096 hinges on the RSA algorithm, relying on the formidable complexity of factoring a large composite number into the product of two prime numbers. RSA 4096 employs prime numbers of 4096 bits in size, rendering factorization virtually impossible with current computational capabilities.

RSA 4096 facilitates four primary operations:

  1. Encryption: Transforming plaintext messages into encrypted messages using the recipient’s public key. Only the recipient can decrypt the message using their private key.
  2. Decryption: Retrieving plaintext messages from encrypted ones using the recipient’s private key. Only the recipient can perform this decryption.
  3. Signature: Adding an authentication element to plaintext messages using the sender’s private key. The recipient can verify the signature using the sender’s public key.
  4. Signature Verification: Validating the authenticity of plaintext messages and their sender using the sender’s public key.

In essence, RSA 4096 ensures confidentiality, integrity, and non-repudiation of exchanged messages.

But how can you choose and utilize secure RSA keys? Are there innovative solutions available to bolster the protection of cryptographic secrets? This is the focal point of our next section, where we will explore the technologies and patents developed by Freemindtronic for RSA 4096 secret sharing among NFC HSM devices.

Technologies and Patents Developed by Freemindtronic for RSA 4096 Secret Sharing among NFC HSM Devices

Freemindtronic employs RSA 4096 to secure the sharing of secrets among NFC HSM devices, driven by a commitment to robust security and trust. RSA 4096 stands resilient against factorization attacks, the most prevalent threats to RSA encryption. It upholds the confidentiality, integrity, and non-repudiation of shared secrets.

Freemindtronic is acutely aware of the potential vulnerabilities posed by the Marvin attack. This attack can compromise RSA if the prime numbers used to generate the public key are too close in proximity. Therefore, Freemindtronic diligently adheres to cryptographic best practices when generating robust and random RSA keys. This involves using large prime numbers, usually larger than 2048 bits, and employing a dependable and secure random number generator Freemindtronic regularly validates the strength of RSA keys through online tools or other means and promptly replaces keys suspected of weakness or compromise.

In summary, Freemindtronic’s selection of RSA 4096 is informed by its robustness. This choice is complemented by unwavering adherence to cryptographic best practices. The incorporation of the EVI protocol bolsters security, ensuring the imperviousness of secrets shared among NFC HSM devices. This will be further elucidated in the following sections

Why Freemindtronic Utilizes RSA 4096 Against the Marvin Attack

Freemindtronic’s choice to utilize RSA 4096 for securing secret sharing among NFC HSM devices is grounded in its status as an asymmetric encryption algorithm renowned for delivering a high level of security and trust. RSA 4096 effectively resists factorization attacks, which are among the most prevalent threats against RSA encryption. It guarantees the confidentiality, integrity, and non-repudiation of shared secrets.

To address the potential consequences of the Marvin attack, Freemindtronic meticulously follows cryptographic best practices when generating strong and random RSA keys. The company employs prime numbers of substantial size, typically exceeding 2048 bits, in conjunction with a reliable and secure random number generator. Freemindtronic vigilantly validates the strength of RSA keys and promptly replaces them if any suspicions of weakness or compromise arise.

Moreover, Freemindtronic harnesses the power of the EVI (Encrypted Virtual Interface) protocol, which enhances RSA 4096’s security profile. EVI facilitates the exchange of RSA 4096 public keys among NFC HSM devices, introducing a wealth of security measures, including encryption, authentication, anti-cloning, anti-replay, anti-counterfeiting, and the use of a black box. EVI also enables the transmission of secrets encrypted with the recipient’s RSA 4096 public key, using the same mechanism.

In summary, Freemindtronic’s selection of RSA 4096 is informed by its robustness, complemented by unwavering adherence to cryptographic best practices. The incorporation of the EVI protocol bolsters security, ensuring the imperviousness of secrets shared among NFC HSM devices. This will be further elucidated in the following sections.

How Freemindtronic Utilizes RSA 4096 to Secure Secret Sharing Among NFC HSM Devices

Freemindtronic leverages RSA 4096 to fortify the security of secret sharing among NFC HSM devices, following a meticulously orchestrated sequence of steps:

  1. Key Generation: RSA 4096 key pairs are generated on each NFC HSM device, utilizing a dependable and secure random number generator.
  2. Public Key Exchange: The RSA 4096 public keys are exchanged between the two NFC HSM devices using the EVI (Encrypted Virtual Interface) protocol. EVI introduces multiple layers of security, including encryption, authentication, anti-cloning, anti-replay, anti-counterfeiting measures, and the use of a black box.
  3. Secret Encryption: The secret is encrypted using the recipient’s RSA 4096 public key, employing a hybrid encryption algorithm that combines RSA and AES.
  4. Secure Transmission: The encrypted secret is transmitted to the recipient, facilitated by the EVI protocol.
  5. Secret Decryption: The recipient decrypts the secret using their RSA 4096 private key, employing the same hybrid encryption algorithm.

Through this meticulous process, Freemindtronic ensures the confidentiality, integrity, and non-repudiation of secrets exchanged between NFC HSM devices. This robust approach thwarts attackers from reading, altering, or falsifying information protected by RSA 4096.

But what exactly is an NFC HSM device, and what communication methods exist for secret sharing among these devices? What are the advantages and benefits offered by the technologies and patents pioneered by Freemindtronic? These questions will be addressed in the subsequent sections.

What Is an NFC HSM Device?

An NFC HSM (Near Field Communication Hardware Security Module) is a specialized hardware security module that communicates wirelessly with an Android smartphone via NFC (Near Field Communication) technology. These devices come in the form of cards, stickers, or keychains and operate without the need for batteries. They feature EEPROM memory capable of storing up to 64 KB of data.

NFC HSM devices are designed to securely store and utilize cryptographic keys and secrets in an isolated and secure environment. They shield data from cloning, replay attacks, counterfeiting, or extraction and include an access control system based on segmented keys.

One prime example of an NFC HSM device is the EviCypher NFC HSM developed by Freemindtronic. This technology allows for the storage and utilization of cryptographic keys and secrets within a contactless device, such as a card, sticker, or keychain. EviCypher NFC HSM offers a range of features, including offline isolation, seamless integration with other technologies, and enhancements to the user experience. With its robust security measures and innovative features, EviCypher NFC HSM sets a new standard for secure communication and secret management in the digital realm.

Resistance Against Brute Force Attacks on NFC HSM

The RSA 4096 private key is encrypted with AES 256. Therefore, the user cannot extract it from the EEPROM memory. The NFC HSM has this memory. It also has other secrets in this memory. This memory is non-volatile. As a result, it can last up to 40 years without power. Consequently, any invasive or non-invasive brute force attack on NFC HSM is destined for failure. This is due to the fact that secrets, including the RSA private key, are automatically encrypted in the EEPROM memory of the NFC HSM using AES-256 with segmented keys of physical origin, some of which are externalized from the NFC HSM.

Real-Time Secret Sharing with EviCore NFC HSM

An intriguing facet of EviCore NFC HSM technology is its ability to facilitate real-time secret sharing without the need for a remote server or database. EviCore NFC HSM accomplishes this by encrypting secrets with the recipient’s randomly generated RSA 4096 public key directly on their NFC HSM device. This innovative approach to secret sharing eliminates the necessity for a trusted third party. Furthermore, EviCore NFC HSM executes these operations entirely in the volatile (RAM) memory of the phone, leaving no traces of plaintext secrets in the computer, communication, or information systems. As a result, it renders remote or proximity attacks, including invasive or non-invasive brute force attacks, exceedingly complex, if not physically impossible. Our EviCore NFC HSM technology is an Android application designed for NFC-enabled phones, functioning seamlessly with our NFC HSM devices. This application serves as both firmware and middleware, constituting an embedded system, offering optimal performance and compatibility with NFC HSM devices.

What Are the Advantages and Benefits of NFC HSM Devices and RSA 4096 Encryption?

NFC HSM devices and RSA 4096 encryption offer numerous advantages and benefits across various applications and domains. Some of these include:

  1. Enhanced Security and Trust: They bolster security and trust in the digital landscape through the utilization of a robust and efficient encryption algorithm that withstands factorization attacks.
  2. Simplified Key and Secret Management: They simplify the management and sharing of cryptographic keys and secrets by leveraging contactless technology for communication with Android phones via NFC.
  3. Improved Device Performance and Compatibility: They enhance device performance and compatibility by functioning as a firmware-like middleware embedded within an Android application for NFC-enabled phones.
  4. Enhanced User Experience: They improve the user experience of devices by offering features such as offline isolation, seamless integration with other technologies, and enhanced user experiences.

In summary, NFC HSMs and RSA 4096 encryption offer inventive and pragmatic answers to the escalating requirements for security and confidentiality in the digital sphere.